--- sssd-1.13.4.orig/.git-commit-template +++ sssd-1.13.4/.git-commit-template @@ -0,0 +1,9 @@ +COMPONENT: Subject + +Explanation + +Resolves: +https://fedorahosted.org/sssd/ticket/XXXX + +# Try to keep the subject line within 52 chars ----| +# Also please try to not exceed 72 characters of length for the body --| --- sssd-1.13.4.orig/.tx/config +++ sssd-1.13.4/.tx/config @@ -0,0 +1,13 @@ +[main] +host = https://www.transifex.com + +[sssd.master-po-sssd-pot] +file_filter = po/.po +source_file = po/sssd.pot +source_lang = en + +[sssd.sssd-docspot_1] +file_filter = src/man/po/.po +source_file = src/man/po/sssd-docs.pot +source_lang = en + --- sssd-1.13.4.orig/Vagrantfile +++ sssd-1.13.4/Vagrantfile @@ -0,0 +1,77 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# Fedora blog on creating Vagrant files: +# http://fedoramagazine.org/running-vagrant-fedora-22/ + +# All Vagrant configuration is done below. The "2" in Vagrant.configure +# configures the configuration version (we support older styles for +# backwards compatibility). Please don't change it unless you know what +# you're doing. +Vagrant.configure(2) do |config| + # The most common configuration options are documented and commented below. + # For a complete reference, please see the online documentation at + # https://docs.vagrantup.com. + + # Every Vagrant development environment requires a box. You can search for + # boxes at https://atlas.hashicorp.com/search. + config.vm.box = "fedora-22" + config.vm.box_url = "http://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Base-Vagrant-22-20150521.x86_64.vagrant-libvirt.box" + + # Disable automatic box update checking. If you disable this, then + # boxes will only be checked for updates when the user runs + # `vagrant box outdated`. This is not recommended. + # config.vm.box_check_update = false + + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine. In the example below, + # accessing "localhost:8080" will access port 80 on the guest machine. + # config.vm.network "forwarded_port", guest: 80, host: 8080 + + # Create a private network, which allows host-only access to the machine + # using a specific IP. + # config.vm.network "private_network", ip: "192.168.33.10" + + # Create a public network, which generally matched to bridged network. + # Bridged networks make the machine appear as another physical device on + # your network. + # config.vm.network "public_network" + + # Share an additional folder to the guest VM. The first argument is + # the path on the host to the actual folder. The second argument is + # the path on the guest to mount the folder. And the optional third + # argument is a set of non-required options. + # config.vm.synced_folder "../data", "/vagrant_data" + + # Provider-specific configuration so you can fine-tune various + # backing providers for Vagrant. These expose provider-specific options. + # Example for VirtualBox: + # + # config.vm.provider "virtualbox" do |vb| + # # Display the VirtualBox GUI when booting the machine + # vb.gui = true + # + # # Customize the amount of memory on the VM: + # vb.memory = "1024" + # end + # + # View the documentation for the provider you are using for more + # information on available options. + + # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies + # such as FTP and Heroku are also available. See the documentation at + # https://docs.vagrantup.com/v2/push/atlas.html for more information. + # config.push.define "atlas" do |push| + # push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME" + # end + + # Enable provisioning with a shell script. Additional provisioners such as + # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the + # documentation for more information about their specific syntax and use. + # config.vm.provision "shell", inline: <<-SHELL + # sudo apt-get update + # sudo apt-get install -y apache2 + # SHELL + + config.vm.provision :shell, path: "contrib/vagrant/bootstrap.sh" +end --- sssd-1.13.4.orig/contrib/suse/sssd.spec.in +++ sssd-1.13.4/contrib/suse/sssd.spec.in @@ -0,0 +1,301 @@ +%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import *; import sys; sys.stdout.write(get_python_lib(1))")} +%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import *; import sys; sys.stdout.write(get_python_lib())")} + +Name: @PACKAGE_NAME@ +Version: @PACKAGE_VERSION@ +Release: 0@PRERELEASE_VERSION@%{?dist} +Group: Applications/System +Summary: System Security Services Daemon +# The entire source code is GPLv3+ except replace/ which is LGPLv3+ +License: GPLv3+ and LGPLv3+ +URL: http://fedorahosted.org/sssd/ +Source0: %{name}-%{version}.tar.gz +BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) + +%global dhash_version 0.4.0 + +### Patches ### + +### Dependencies ### + +Requires: libldb0 >= 0.9.3 +Requires: libtdb1 >= 1.1.3 +Requires: sssd-client = %{version}-%{release} +Requires: libdhash = %{dhash_version}-%{release} +Requires: cyrus-sasl-gssapi +Requires(post): python +Requires(preun): aaa_base procps filesystem +Requires(postun): /sbin/service + +%global servicename sssd +%global sssdstatedir %{_localstatedir}/lib/sss +%global dbpath %{sssdstatedir}/db +%global pipepath %{sssdstatedir}/pipes +%global pubconfpath %{sssdstatedir}/pubconf + +### Build Dependencies ### + +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +BuildRequires: m4 +BuildRequires: popt-devel +BuildRequires: libtalloc-devel +BuildRequires: libtevent0-devel +BuildRequires: libtdb1-devel +BuildRequires: libldb0-devel +BuildRequires: libcares-devel +BuildRequires: dbus-1-devel +BuildRequires: dbus-1 +BuildRequires: openldap2-devel +BuildRequires: pam-devel +BuildRequires: mozilla-nss-devel +BuildRequires: mozilla-nspr-devel +BuildRequires: pcre-devel +BuildRequires: libxslt +BuildRequires: libxml2 +BuildRequires: docbook-xsl-stylesheets +BuildRequires: krb5-devel +BuildRequires: python-devel + + +%description +Provides a set of daemons to manage access to remote directories and +authentication mechanisms. It provides an NSS and PAM interface toward +the system and a pluggable backend system to connect to multiple different +account sources. It is also the basis to provide client auditing and policy +services for projects like FreeIPA. + +%package client +Summary: SSSD Client libraries for NSS and PAM +Group: Applications/System + +%description client +Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD +service. + +%package -n libdhash +Summary: Dynamic hash table +Group: Development/Libraries +Version: %{dhash_version} +License: LGPLv3+ + +%description -n libdhash +A hash table which will dynamically resize to achieve optimal storage & access +time properties + +%package -n libdhash-devel +Summary: Development files for libdhash +Group: Development/Libraries +Version: %{dhash_version} +Requires: libdhash = %{dhash_version}-%{release} +License: LGPLv3+ + +%description -n libdhash-devel +A hash table which will dynamically resize to achieve optimal storage & access +time properties + + +%prep +%setup -q + +%build +%configure \ + --without-tests \ + --with-db-path=%{dbpath} \ + --with-pipe-path=%{pipepath} \ + --with-pubconf-path=%{pubconfpath} \ + --with-init-dir=%{_initrddir} \ + --enable-nsslibdir=/%{_lib} \ + --without-selinux \ + --without-semanage \ + --with-os=suse \ + --disable-static + +make %{?_smp_mflags} + +%install +rm -rf $RPM_BUILD_ROOT + +make install DESTDIR=$RPM_BUILD_ROOT + +# Remove the example files from the output directory +# We will copy them directly from the source directory +# for packaging +rm -f \ + $RPM_BUILD_ROOT/usr/share/doc/dhash/README \ + $RPM_BUILD_ROOT/usr/share/doc/dhash/examples/dhash_example.c \ + $RPM_BUILD_ROOT/usr/share/doc/dhash/examples/dhash_test.c + +# Prepare language files +/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sss_daemon +/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sss_client + +# Copy default sssd.conf file +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sssd +install -m600 server/examples/sssd.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf +install -m400 server/config/etc/sssd.api.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.conf +install -m400 server/config/etc/sssd.api.d/* $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.d/ + +# Remove .la files created by libtool +rm -f \ + $RPM_BUILD_ROOT/%{_lib}/libnss_sss.la \ + $RPM_BUILD_ROOT/%{_lib}/security/pam_sss.la \ + $RPM_BUILD_ROOT/%{_libdir}/libdhash.la \ + $RPM_BUILD_ROOT/%{_libdir}/ldb/memberof.la \ + $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ldap.la \ + $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_proxy.la \ + $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_krb5.la \ + $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ipa.la \ + $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.la \ + $RPM_BUILD_ROOT/%{python_sitearch}/pysss.la + +if test -e $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so +then + # Apppend this file to the sss_daemon.lang + # Older versions of rpmbuild can only handle one -f option + echo %{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so >> sss_daemon.lang +fi +for file in `ls $RPM_BUILD_ROOT/%{python_sitelib}/*.egg-info 2> /dev/null` +do + echo %{python_sitelib}/`basename $file` >> sss_daemon.lang +done + +%clean +rm -rf $RPM_BUILD_ROOT + +%files -f sss_daemon.lang +%defattr(-,root,root,-) +%doc COPYING +%{_initrddir}/%{name} +%{_sbindir}/sssd +%{_sbindir}/sss_useradd +%{_sbindir}/sss_userdel +%{_sbindir}/sss_usermod +%{_sbindir}/sss_groupadd +%{_sbindir}/sss_groupdel +%{_sbindir}/sss_groupmod +%{_sbindir}/sss_groupshow +%{_sbindir}/sss_debuglevel +%{_libexecdir}/%{servicename}/ +%{_libdir}/%{name}/ +%{_libdir}/ldb/memberof.so +%dir %{sssdstatedir} +%attr(700,root,root) %dir %{dbpath} +%attr(755,root,root) %dir %{pipepath} +%attr(755,root,root) %dir %{pubconfpath} +%attr(700,root,root) %dir %{pipepath}/private +%attr(750,root,root) %dir %{_var}/log/%{name} +%attr(700,root,root) %dir %{_sysconfdir}/sssd +%config(noreplace) %{_sysconfdir}/sssd/sssd.conf +%config %{_sysconfdir}/sssd/sssd.api.conf +%attr(700,root,root) %dir %{_sysconfdir}/sssd/sssd.api.d +%config %{_sysconfdir}/sssd/sssd.api.d/ +%{_mandir}/man5/sssd.conf.5* +%{_mandir}/man5/sssd-ipa.5* +%{_mandir}/man5/sssd-krb5.5* +%{_mandir}/man5/sssd-ldap.5* +%{_mandir}/man8/sssd.8* +%{_mandir}/man8/sss_groupadd.8* +%{_mandir}/man8/sss_groupdel.8* +%{_mandir}/man8/sss_groupmod.8* +%{_mandir}/man8/sss_groupshow.8* +%{_mandir}/man8/sss_useradd.8* +%{_mandir}/man8/sss_userdel.8* +%{_mandir}/man8/sss_usermod.8* +%{_mandir}/man8/sss_debuglevel.8* +%{_mandir}/man8/sssd_krb5_locator_plugin.8* +%{python_sitearch}/pysss.so +%{python_sitelib}/*.py* + + +%files client -f sss_client.lang +%defattr(-,root,root,-) +/%{_lib}/libnss_sss.so.2 +/%{_lib}/security/pam_sss.so +%{_mandir}/man8/pam_sss.8* + +%files -n libdhash +%defattr(-,root,root,-) +%doc common/dhash/COPYING +%doc common/dhash/COPYING.LESSER +%{_libdir}/libdhash.so.1 +%{_libdir}/libdhash.so.1.0.0 + +%files -n libdhash-devel +%defattr(-,root,root,-) +%{_includedir}/dhash.h +%{_libdir}/libdhash.so +%{_libdir}/pkgconfig/dhash.pc +%doc common/dhash/README +%doc common/dhash/examples + +%post +/sbin/ldconfig +/sbin/chkconfig --add %{servicename} +if [ $1 -ge 2 ] ; then +# a one-time upgrade from confdb v1 to v2, only if upgrading + python %{_libexecdir}/%{servicename}/upgrade_config.py +fi + +%preun +if [ $1 = 0 ]; then + /sbin/service %{servicename} stop 2>&1 > /dev/null + /sbin/chkconfig --del %{servicename} +fi + +%postun +/sbin/ldconfig +if [ $1 -ge 1 ] ; then + /sbin/service %{servicename} condrestart 2>&1 > /dev/null +fi + +%post client -p /sbin/ldconfig + +%postun client -p /sbin/ldconfig + +%post -n libdhash -p /sbin/ldconfig + +%postun -n libdhash -p /sbin/ldconfig + +%changelog +* Mon Sep 28 2009 Sumit Bose - 0.6.0-0 +- New upstream release 0.6.0 + +* Fri Sep 25 2009 Simo Sorce - 0.5.0-1 +- Split package into server and clients components +- Convert to new config file format + +* Wed Sep 02 2009 Stephen Gallagher - 0.5.0-0 +- New upstream release 0.5.0 + +* Mon May 18 2009 Stephen Gallagher - 0.4.0-1 +- Convert build system to automake + +* Mon Apr 20 2009 Jakub Hrozek - 0.3.2-1 +- bugfix release 0.3.2 + +* Mon Apr 13 2009 Simo Sorce - 0.3.1-1 +- bugfix release + +* Sun Apr 12 2009 Stephen Gallagher - 0.3.0-2 +- Remove InfoPipe from RPM build + +* Sun Apr 12 2009 Stephen Gallagher - 0.3.0-1 +- Convert to using /etc/sssd/sssd.conf for configuration + +* Tue Mar 10 2009 Simo Sorce - 0.2.1-1 +- Bump up to version 0.2.1 + +* Fri Mar 06 2009 Jakub Hrozek - 0.1.0-4 +- fixed items found during review +- added initscript + +* Thu Mar 05 2009 Sumit Bose - 0.1.0-3 +- added sss_client + +* Mon Feb 23 2009 Jakub Hrozek - 0.1.0-2 +- Small cleanup and fixes in the spec file + +* Thu Feb 12 2009 Stephen Gallagher - 0.1.0-1 +- Initial release (based on version 0.1.0 upstream code) --- sssd-1.13.4.orig/contrib/vagrant/bootstrap.sh +++ sssd-1.13.4/contrib/vagrant/bootstrap.sh @@ -0,0 +1,21 @@ +#!/bin/bash -x + +sed -e "s/@PACKAGE_NAME@/sssd/" \ + -e "s/@PRERELEASE_VERSION@//" \ + -e "s/@PACKAGE_VERSION@/0/" \ + /vagrant/contrib/sssd.spec.in > /vagrant/contrib/sssd_vagrant.spec + +dnf clean metadata +dnf install -y @buildsys-build realmd sssd adcli polkit oddjob-mkhomedir +dnf builddep -y /vagrant/contrib/sssd_vagrant.spec + +source /usr/share/doc/git/contrib/completion/git-prompt.sh + +cat << EOF >> /home/vagrant/.bashrc +source /usr/share/doc/git/contrib/completion/git-prompt.sh +export GIT_PS1_SHOWDIRTYSTATE=1 +export PS1='[\u@\h:\W\$(__git_ps1 " (%s)")]\$\[\e[0m\] ' + +. /vagrant/contrib/fedora/bashrc_sssd + +EOF --- sssd-1.13.4.orig/debian/README.source +++ sssd-1.13.4/debian/README.source @@ -0,0 +1,58 @@ +This package uses quilt to manage all modifications to the upstream +source. Changes are stored in the source package as diffs in +debian/patches and applied during the build. + +To configure quilt to use debian/patches instead of patches, you want +either to export QUILT_PATCHES=debian/patches in your environment +or use this snippet in your ~/.quiltrc: + + for where in ./ ../ ../../ ../../../ ../../../../ ../../../../../; do + if [ -e ${where}debian/rules -a -d ${where}debian/patches ]; then + export QUILT_PATCHES=debian/patches + break + fi + done + +To get the fully patched source after unpacking the source package, cd to +the root level of the source package and run: + + quilt push -a + +The last patch listed in debian/patches/series will become the current +patch. + +To add a new set of changes, first run quilt push -a, and then run: + + quilt new + +where is a descriptive name for the patch, used as the filename in +debian/patches. Then, for every file that will be modified by this patch, +run: + + quilt add + +before editing those files. You must tell quilt with quilt add what files +will be part of the patch before making changes or quilt will not work +properly. After editing the files, run: + + quilt refresh + +to save the results as a patch. + +Alternately, if you already have an external patch and you just want to +add it to the build system, run quilt push -a and then: + + quilt import -P /path/to/patch + quilt push -a + +(add -p 0 to quilt import if needed). as above is the filename to +use in debian/patches. The last quilt push -a will apply the patch to +make sure it works properly. + +To remove an existing patch from the list of patches that will be applied, +run: + + quilt delete + +You may need to run quilt pop -a to unapply patches first before running +this command. --- sssd-1.13.4.orig/debian/apparmor-profile +++ sssd-1.13.4/debian/apparmor-profile @@ -0,0 +1,51 @@ +#include + +/usr/sbin/sssd { + #include + #include + #include + #include + + capability dac_override, + capability dac_read_search, + capability setgid, + capability setuid, + capability sys_admin, + capability sys_nice, + capability sys_resource, + + @{PROC} r, + @{PROC}/[0-9]*/net/psched r, + @{PROC}/[0-9]*/status r, + + /etc/krb5.keytab k, + /etc/ldap/ldap.conf r, + /etc/libnl-3/classid r, + /etc/localtime r, + /etc/shells r, + /etc/sssd/sssd.conf r, + + /usr/lib/@{multiarch}/ldb/modules/ldb/* m, + /usr/lib/@{multiarch}/samba/ldb/* m, + /usr/lib/@{multiarch}/sssd/* rix, + /usr/sbin/sssd rmix, + + /tmp/{,.}krb5cc_* rwk, + + /var/lib/sss/* rw, + /var/lib/sss/db/* rwk, + /var/lib/sss/gpo_cache/* rw, + /var/lib/sss/mc/* rw, + /var/lib/sss/pipes/* rw, + /var/lib/sss/pipes/private/* rw, + /var/lib/sss/pubconf/* rw, + /var/lib/sss/pubconf/krb5.include.d/ r, + /var/lib/sss/pubconf/krb5.include.d/* rw, + /var/log/sssd/* rw, + /var/tmp/host_* rw, + + /{,var/}run/sssd.pid rw, + + # Site-specific additions and overrides. See local/README for details. + #include +} --- sssd-1.13.4.orig/debian/changelog +++ sssd-1.13.4/debian/changelog @@ -0,0 +1,736 @@ +sssd (1.13.4-1ubuntu1.6) xenial; urgency=medium + + * Fix regression where SSSD doesn't start on boot if autofs is not + installed (LP: #1695870): + - rules: Support new service + - sssd-common.sssd-autofs.upstart.in: Restart autofs to read direct mounts + after SSSD and autofs have started (only on startup). This keeps the fix + for the autofs and SSSD race condition (LP: #1566508) + - sssd-common.sssd.upstart.in: Remove "starting autofs" to allow SSSD to + start without autofs. + + -- Victor Tapia Mon, 05 Jun 2017 12:41:12 +0200 + +sssd (1.13.4-1ubuntu1.5) xenial; urgency=medium + + * d/p/pidfile-creation.diff: Delay the pidfile creation until the + responders are up (LP: #1566508) + * d/p/sanitize_newline.diff: Sanitize newline and carriage return + characters before LDAP queries. (LP: #1669712) + + -- Victor Tapia Tue, 24 Mar 2017 11:20:32 +0100 + +sssd (1.13.4-1ubuntu1.2) xenial; urgency=medium + + * d/p/restart_providers_on_timeshift.patch: Implement watchdog and + use SIGUSR2 after watchdog detects time shift to execute pending + scheduled tasks that could be stuck (LP: #1641875) + + -- Victor Tapia Thu, 23 Feb 2017 11:46:31 +0100 + +sssd (1.13.4-1ubuntu1.1) xenial; urgency=medium + + * Sync 1.13.4-3 changes from debian/yakkety. + + -- Timo Aaltonen Mon, 18 Jul 2016 05:55:56 +0300 + +sssd (1.13.4-3) unstable; urgency=medium + + * common: Add /var/lib/sss/gpo_cache. (LP: #1579092) + * gpo-add-unity-to-ad-gpo-map-interactive.diff: Allow logging in from + unity lockscreen. (LP: #1578415) + + -- Timo Aaltonen Tue, 10 May 2016 10:39:46 +0300 + +sssd (1.13.4-1ubuntu1) xenial; urgency=medium + + * Sync 1.13.4-2 changes from debian. + + -- Timo Aaltonen Wed, 20 Apr 2016 19:46:16 +0300 + +sssd (1.13.4-2) unstable; urgency=medium + + * ipa-terminate-if-view-name-fails.diff: Fix support for older IPA + servers. (LP: #1572582) + + -- Timo Aaltonen Wed, 20 Apr 2016 16:55:24 +0300 + +sssd (1.13.4-1) unstable; urgency=medium + + * New upstream release. + * apparmor-profile: Fixed and tidied. + + -- Timo Aaltonen Wed, 30 Mar 2016 19:31:33 +0300 + +sssd (1.13.3-1) unstable; urgency=medium + + * New upstream release. + + -- Timo Aaltonen Thu, 17 Dec 2015 13:27:11 +0200 + +sssd (1.13.2-1) unstable; urgency=medium + + * New upstream release. + * patches: Removed fix-obsolete-target.diff, fix-python-modules.diff, + both upstream now. + + -- Timo Aaltonen Thu, 03 Dec 2015 21:14:29 +0200 + +sssd (1.13.1-2) unstable; urgency=medium + + * apparmor: Fix access to krb5.include.d. (LP: #1489378) + * {krb5-common,proxy}.postinst: Chmod the correct files. (Closes: + #801537, #801538) + + -- Timo Aaltonen Tue, 13 Oct 2015 16:55:47 +0300 + +sssd (1.13.1-1) unstable; urgency=medium + + * New upstream release. + * {common,ipa,krb5,proxy}.postinst: Create a sssd system user & group, + and migrate various bits to their ownership. + * Add sssd-dbus to libsss-simpleifp0 Depends. + * ipa: Add /var/lib/sss/keytabs. + * common: Add PEM/DER conversion library. + * Add support for python3 modules. + * tools: Add sss_override. + * common: Add p11_child. + * ad: Drop libsss_ad_common, it was for tests only and not shipped + anymore. + * common: Move libsss_krb5_common here from sssd-krb5-common to satisfy + libsss_ldap_common depending on it. + * libsystemd.diff: Dropped, fixed upstream. + * fix-python-modules.diff: Don't add symlinks to python modules, + rename the built modules instead. + * rules, postinst: Avoid running dpkg-architecture in postinst and + instead mangle them in post-dh_installdeb. + * common: Add depends on adduser. + + -- Timo Aaltonen Sat, 03 Oct 2015 08:38:29 +0300 + +sssd (1.12.5-3) unstable; urgency=medium + + * sssd-common.postinst: Drop removing the old logrotate file, handle + it in sssd.maintscript instead. (Closes: #794332) + + -- Timo Aaltonen Tue, 08 Sep 2015 22:47:08 +0300 + +sssd (1.12.5-2) unstable; urgency=medium + + * sssd-common.postinst: Remove duplicate logrotate file on update. + (LP: #1249772) + * control, libsystemd.diff: Transition to libsystemd, thanks Michael + Biebl! (Closes: #791909) + + -- Timo Aaltonen Tue, 21 Jul 2015 15:04:25 +0300 + +sssd (1.12.5-1) unstable; urgency=medium + + * New upstream release. + * Let uscan verify upstream tarballs. + * control: Bump policy to 3.9.6, no changes. + + -- Timo Aaltonen Fri, 12 Jun 2015 22:36:52 +0300 + +sssd (1.12.4-1) experimental; urgency=medium + + * New upstream release. + * apparmor-profile: Updated. (LP: #1421110) + * control: Add new build-depends; cifs-utils, libaugeas-dev, + libnfsidmap-dev, libsmbclient-dev, systemd. + * control, .install: Add libwbclient-sssd{,-dev}. + * control, .install: Add libsss-simpleifp{0,-dev}. + * fix-automake-compat.diff, fix-catchchild.diff: Dropped, upstream. + * rules: Use max-parallel=1 for dh_auto_install. + * sssd-common.install: Add files for NFS v4 client. + * sssd-ad.install: Add new files. + * sssd-ipa.install: Add selinux_child. + * sssd-dbus: Add libsss_config.so. + * sssd-common: Add cifs idmap plugin, semanage library and krb5 + localauth plugin. + * rules: Add a placeholder to not modify permissions of + {krb5,ldap,selinux}_child. + * control: Add libsystemd-login-dev to build-depends. + * control: Add libnss-wrapper and libuid-wrapper to build-depends. + * rules: Use automake native verbosity for tests, and bump + CK_TIMEOUT_MULTIPLIER. + + -- Timo Aaltonen Thu, 09 Apr 2015 23:56:01 +0300 + +sssd (1.11.7-3) unstable; urgency=medium + + * libsss-sudo.postrm: Delete sudoers line from nsswitch.conf, if only + files source left. (Closes: #749722) + * libsss-sudo.postinst: Fix comments. + * libsss-sudo.postinst: Check nsswitch sudoers entry unconditionally, + so that it is added on upgrade too if missing. + + -- Timo Aaltonen Fri, 16 Jan 2015 13:53:22 +0200 + +sssd (1.11.7-2) unstable; urgency=medium + + * default, upstart.in: Upstream ticket #2312 is fixed now, so drop the + workaround to run the daemon in the foreground. (Closes: #760353) + * fix-automake-compat.diff: Added an upstream commit to fix configure + with new automake. + * fix-catchchild.diff: Fix build failure with samba 4.1.13, bump + samba-dev build-dependency to match. + + -- Timo Aaltonen Thu, 30 Oct 2014 14:49:05 +0200 + +sssd (1.11.7-1) unstable; urgency=medium + + * New upstream release. + * sssd-common.install, sssd-dbus.install: Add new sss_signal helper + and the dbus service using it. + * fix-obsolete-target.diff: Drop syslog.target from the service file. + * libnss-sss.post*: Add sss entry to shadow and services on + nsswitch.conf. (Closes: #761173) + + -- Timo Aaltonen Wed, 24 Sep 2014 07:08:04 +0300 + +sssd (1.11.6-1) unstable; urgency=medium + + * New upstream release. + * control: Update my email. + * control: Update vcs urls. + * libnss-sss.postrm: Check DPKG_MAINTSCRIPT_PACKAGE_REFCOUNT before + removing sss entry from nsswitch.conf. (Closes: #748671) + * libpam-sss.prerm: Check DPKG_MAINTSCRIPT_PACKAGE_REFCOUNT before + running pam-auth-update --remove. + * control: Mark libkeyutils-dev, libselinux-dev, libsemanage-dev, + libnl*-dev build-deps as linux-any, as a preliminary step to build + on kfreebsd-*. + * Run wrap-and-sort. + * sssd-dbus: Add a new subpackage for the D-Bus responder. + * control: Demote libsasl2-modules-ldap to Suggests for sssd-ldap. + * generate-config: Bring it back for convenience, but don't run it on + postinst. + * sssd-common.postinst: Remove obsolete config upgrade. + + -- Timo Aaltonen Tue, 19 Aug 2014 09:15:13 +0300 + +sssd (1.11.5.1-2) unstable; urgency=medium + + * control: Drop libcmocka-dev and check from build-depends again so + that the package will build on every arch. Test failures will be + fixed in a future upload. + + -- Timo Aaltonen Thu, 14 Aug 2014 02:22:57 +0300 + +sssd (1.11.5.1-1) unstable; urgency=medium + + [ Stéphane Graber ] + * Fix upstart job to provide a proper stdin for sssd. + * Update defaults to always pass -i. + + [ Timo Aaltonen ] + * New upstream release. (Closes: #745664) + * control: Bump libkrb5-dev build-dependency to 1.12 due to the OTP + features. + + -- Timo Aaltonen Fri, 09 May 2014 14:50:12 +0300 + +sssd (1.11.5-1) unstable; urgency=medium + + * New upstream bugfix release. (Closes: #729982) + * upstart: Run the daemon in foreground and drop expect fork from the + job, should fix issues with upstart getting confused when a backend + fails to start. + + -- Timo Aaltonen Tue, 08 Apr 2014 23:39:20 +0300 + +sssd (1.11.4-1) unstable; urgency=low + + * New upstream release. + * control, rules: Add libcmocka-dev and re-add check to build-depends. + Override dh_auto_test so that it shows the test error log if they fail. + * rules: Fix the manpage date handling with a bigger hammer, and + enable it for all manpages not just pam_sss.8. (Closes: #734083) + * Drop an obsolete lintian override from libsss-sudo. + + -- Timo Aaltonen Fri, 21 Mar 2014 13:28:38 +0200 + +sssd (1.11.3-1) unstable; urgency=low + + * New upstream release. + * control: Update policy to 3.9.5, no changes. + + -- Timo Aaltonen Fri, 03 Jan 2014 00:01:29 +0200 + +sssd (1.11.2-1) unstable; urgency=low + + * New upstream release. + * rules, sssd-common.install: Use the correct path for the systemd + service file. + * control: Build depend on libpam0g-dev | libpam-dev. + + -- Timo Aaltonen Tue, 19 Nov 2013 15:22:27 +0200 + +sssd (1.11.1-1) unstable; urgency=low + + * New upstream release. + * sssd-common.postinst, generate-config: Don't create a config on install, + drop generate-config. (Closes: #717587) + * sssd-common.postrm: Remove /etc/apparmor.d too, if empty. + * control, rules, sssd-common.install: Install the systemd service + file provided by upstream. + * control: Drop M-A: foreign from sssd-* and add back to sssd instead. + * control: Don't hardcode 'multiarch-support'. + * control: Drop unnecessary multiarch declarations. + * control: Drop obsolete Breaks/Conflicts. + * rules: Enable parallel build. + * control: Add libltdl-dev to build-depends. + * control: Prepare for new unified samba package, adjust build- + dependencies. Thanks, Ivo De Decker! (Closes: #725992) + + -- Timo Aaltonen Tue, 06 Aug 2013 17:04:28 +0300 + +sssd (1.10.0-1) unstable; urgency=low + + [ Timo Aaltonen ] + * New upstream release (Closes: #693054, #705357, #711101) + * Update the packaging for the new version, thanks Esko Järnfors! + - Add libsss-idmap0, libsss-idmap-dev packages + - Add sssd Depends on libsss-idmap0 + - Add /var/lib/sss/mc directory for the new mmap cache + * Split authentication providers to separate packages and make sssd + a metapackage. + * control: Drop libunistring-dev from build-depends and add libglib2.0-dev + for unicode support. + * sssd-*.install: Install new manpages. + * python-sss.install: py-files got moved under SSSDConfig. + * control, rules: Use default build flags, bump dpkg-dev build-dep to + 1.16.1~. + * rules: Install the apparmor profile with -m644. + * python-sss: Add pysss_murmur.so. + * rules, control, sssd-ad-common.install: PAC responder support. + - Add libndr-dev, libndr-standard-dev, libsamba-util-dev, samba4-dev, + libdcerpc-dev to build-depends + - Add -I/usr/include/samba-4.0 to CFLAGS + * control: Mark sssd-common as Multi-Arch: foreign. + * watch: Add a comment about the upstream git tree. + * Replace perl snippet from libnss-sss.post* with sed, drop perl from + Depends. (Closes: #686237) + * compat: Bump compat to 9. + * rules: Set DEB_HOST_MULTIARCH, drop --libdir and remnants of cdbs. + * sssd-common.install: Install the support binaries under the multiarch path. + * rules,sssd-common.postinst: Move generate-config to /usr/share/sssd. + * rules, sssd-common.install: Use the correct install path for the + krb5_locator plugin. + * libnss-sss.postinst: SSSD doesn't handle shadow maps, so don't pretend + that it would. + * libsss-sudo*, control: Remove the soname from the library, move .so to + the libsss-sudo, drop -dev package. + * rules: Pass --datadir, so the path in autogenerated python files is + correctly substituted. (LP: #1079938) + * sssd-krb5-common.dirs: Add krb5 include dir. + * fix-cve-2013-0219*.diff, -0220.diff: Dropped, included upstream. + * libsss-sudo.postrm: Run ldconfig on remove/purge. + * apparmor-profile: Fix the profile to use the multiarch path for it's + helper location (LP: #1175317). + * Add packaging for libsss-nss-idmap0, libsss-nss-idmap-dev, + python-libsss-nss-idmap. + * watch: Updated to work with alpha/beta releases. + * control: Migrate to libnl-3 now that it's supported. (Closes: #688174) + * sssd-common.{preinst,postrm}: Install the apparmor profile in force-complain + mode on install, and remove the profile directory on purge (if empty). Also + migrate from previous setup which installed it as disabled. + (Closes: #676140) + * control: Bump policy to 3.9.4, no changes. + * control: Add libpam-pwquality (>= 1.2.2-1) to libpam-sss depends, which + makes the password stack work in all cases. (LP: #1159983) + * control: Drop check from build-depends for now, to work around a linking bug + in check (#712140) that makes the tests fail on (at least) i386. + + [ Stéphane Graber ] + * Add postinst/postrm script for libsss-sudo. Those will add a "sudoers" + entry to /etc/nsswitch.conf upon first installation of the package and + will then take care of adding/removing sss from the stack as required. + * Set CK_DEFAULT_TIMEOUT to 30 so that slower buildds (armhf at least) can + run the tests without hitting the default 4s timeout. + + -- Timo Aaltonen Fri, 05 Jul 2013 14:53:06 +0300 + +sssd (1.8.4-2) unstable; urgency=low + + * fix-cve-2013-0219-1.diff, fix-cve-2013-0219-2.diff, + fix-cve-2013-0220.diff: Upstream commits from the stable tree to fix + recent CVE reports. (Closes: #698871) + + -- Timo Aaltonen Wed, 27 Feb 2013 23:38:28 +0200 + +sssd (1.8.4-1) unstable; urgency=low + + * New upstream bugfix release 1.8.2. + - Several fixes to case-insensitive domain functions + - Fix for GSSAPI binds when the keytab contains unrelated + principals + - Fixed several segfaults + - Workarounds added for LDAP servers with unreadable RootDSE + - SSH knownhostproxy will no longer enter an infinite loop + preventing login + - The provided SYSV init script now starts SSSD earlier at startup + and stops it later during shutdown + - Assorted minor fixes for issues discovered by static analysis + tools + * New upstream bugfix release 1.8.3. + - Numerous manpage and translation updates + - LDAP: Handle situations where the RootDSE isn't available anonymously + - LDAP: Fix regression for users using non-standard LDAP attributes for + user information + * New upstream bugfix release 1.8.4. (LP: #981125, #985031) + - Fix a bug causing AD servers not to fail over properly when the KDC + on the primary server is down + - Fix an endianness bug on big-endian systems when looking up services + - Fix a segfault dealing with nested groups (LP: #981125) + - Make the nowait cache updates work for netgroups + - Fix a regression that broke domains with use_fully_qualified_names = True + (LP: #985031) + * control: Move the dependency of libsasl2-modules-gssapi-mit to + Recommends. + * control: sssd works with Heimdal gssapi modules too, add + libsasl2-modules-gssapi-mit as an option for the Recommends. + (LP: #966146) + * libpam-sss.pam-auth-update: + - Drop the dependency to 128, since pam_sss should always be below + pam_unix. (LP: #957486) + - Drop 'use_authtok' from the password stack, since it only works when + pam_cracklib is installed. This will allow password changes on the + default install. + * sssd.postrm: Try to remove /etc/sssd only if it exists. + (Closes: #666226) + * Add disabled by default Apparmor profile (LP: #933342) + - debian/sssd.upstart.in: load the profile during pre-start + - add debian/apparmor-profile, install to /etc/apparmor.d + - debian/rules: use dh_apparmor to install profile before sssd is + restarted + - debian/control: sssd Suggests apparmor (>= 2.3) + - debian/control: Add dh-apparmor to build-depends + - debian/sssd.preinst: disable profile on clean install or upgrades + from earlier than when we shipped the profile + * rules: Mangle the date stamp on pam_sss.8 so that the compressed file is + identical across all archs. (Closes: #670019) + * control: Add build-depends on libnl-dev to enable Netlink support. + * control: Add build-depends on libkeyutil-dev to enable support for + kernel keyring manipulation. + * sssd.logrotate: Rotate logs weekly, keep four previous rotations. + (Closes: #672984) + * sssd.upstart.in: Delete an invisible control character from the pre-start + script. (LP: #1003845) + + -- Timo Aaltonen Fri, 01 Jun 2012 11:43:42 +0300 + +sssd (1.8.1-1) unstable; urgency=low + + * New maintainer, Debian SSSD Team. (Closes: #660985) + + [ Timo Aaltonen ] + * New upstream release (1.8.1) (Closes: #647980, #624194, #639965) + - Support for the service map in NSS + - Support for setting default SELinux user context from FreeIPA + - Support for retrieving SSH user and host keys from LDAP (Experimental) + - Support for caching autofs LDAP requests (Experimental) + - Support for caching SUDO rules (Experimental) + * Update build-deps: + - Add libunistring-dev, libdhash-dev, libcollection-dev and + libini-config-dev. + - Add check for unit tests. + - Drop cvs and python-central. + - Migrate to dh, drop cdbs build-dep, add quilt, dh-autoreconf and + autopoint to build-deps. + * Add new packages: + - libipa-hbac0, libipa-hbac-dev, libsss-sudo0, libsss-sudo-dev, + and python-libipa-hbac. + - Split sssd-tools: add Breaks/Replaces sssd (<< 1.8.0~beta3-1) and + add to sssd Suggests + * Drop patch to ensure LDAP authentication never accept a zero + length password, which is now included upstream. + * sssd.upstart.ubuntu: + - Don't start before net-device-up. (LP: 812943) + - Source /etc/default/sssd. (LP: 812943) + * sssd.default: Added a file to include the sssd daemon defaults, + currently has '-D -f'. + * sssd.init: Drop separate OPTIONS, '-D' comes from /etc/default/sssd + now.. + * rules: Install the Python API files to /usr/share/sssd, as discussed + with upstream. (LP: 859611) + * fix-python-api-path.dpatch: Use the new location for the API files. + (LP: 859611) + * libpam-sss.pam-auth-update: + - Add 'forward_pass' to auth stack to fix ecryptfs mounts. (LP: 826643) + - Add pam_localuser.so to account stack to allow local users to log in. + (LP: 860488) + * control: sssd now Recommends libpam-sss and libnss-sss, since sssd is + mostly useless without them. (LP: 767337) + * control, compat: Bump debhelper build-dep and compat level to 8. + * Switch patch-system to quilt. + * Do not install a working config file by default. The local domain + definition was broken (upstream #1014). The daemon will need to be + configured by other means before it's usable. + * Add support for Multi-Arch (Closes: #634123). + * Remove unnecessary libnss-sss.links. + * libnss-sss.overrides: Add an override for + "package-name-doesnt-match-sonames". + * Determine the used init system during build, add lsb-release to + build-deps. Default to sysvinit, use upstart if Ubuntu. + * sssd.upstart.in: Test if the config file exists, and exit if not. + * Fail gracefully if invoke-rc.d returns an error on postinst/prerm, like + when the daemon fails to start when there is no config file. + * sssd.init.in: Check that /etc/default/sssd is a real file before sourcing + it (Closes: #587895). + * control: Add libsasl2-modules-gssapi-mit and libsasl2-modules-ldap to + Recommends for sssd. + * rules: Move the rule for purging .la files before dh_install + (Closes: #633206). + * sssd.install: Fix the wildcard for plugins to include .so symlinks. + * rules: Add configure flags + - Disable RPATH + - Disable building static libs + - Enable ssh user and host key retrieval, autofs request + and sudo rules caching. The respective packages need to add support + for these to be useful. + * Drop fix-python-api-path.patch, included upstream. + * sssd.examples: Install the renamed example config. + * rules: Drop special handling of the sssd.api.d, upstream uses + the proper path now. + * rules: Add --fail-missing to dh_install. + * sssd.install: Add new files. + * libpam-sss.install, control: Move pam_sss.8 to the correct package, + add Breaks/Replaces. + * rules: Remove some files we don't want to install, to make dh_install + happy. + * rules: Clean po/*.gmo, po/stamp-po and *.pyc. + * Install lintian overrides using dh_lintian. + * {sssd,libnss-sss}.lintian-overrides: Update. + * Move libsasl2-modules-gssapi to sssd Depends to make sure it gets + installed, as it's needed in most cases. + * control: Update maintainer address and repo location. + * control: Bump the Standards-Version to 3.9.3, no changes. + * control: Bump the debhelper build-dep to 9. + * control: Add ${misc:Depends} to libipa-hbac*, libsss-sudo*. + * control, rules: Migrate to dh_python2 (Closes: #617071). + * control: Add myself to uploaders. + + [ Petter Reinholdtsen ] + * New upstream version 1.2.4: + - Resolves long-standing issues related to group processing with + RFC2307bis LDAP servers. + - Fixed bugs in RFC2307bis group memberships related to initgroups + (Closes: #595564). + - Fix tight-loop bug on systems with older OpenLDAP client + libraries (such as Red Hat Enterprise Linux 5) + * New Upstream Version 1.2.3: + - Resolves CVE-2010-2940. + * New Upstream Version 1.2.2: + - The LDAP provider no longer requires access to the LDAP + RootDSE. If it is unavailable, we will continue on with our best + guess. + - The LDAP provider will now log issues with TLS and GSSAPI to the + syslog. + - Significant performance improvement when performing initgroups + on users who are members of large groups in LDAP. + - The sss_client will now reconnect properly to the SSSD if the + daemon is restarted. + * This resolves an issue causing GDM to crash when logging out + of a user after the SSSD had been restarted. + * Correct package description for python-sss (Closes: #596215). + * Update Standards-Version from 3.8.4 to 3.9.1. No changes needed. + + [ Stéphane Graber ] + * Fix prerm invoke_failure hook to simply return as empty functions + are invalid shell syntax. + + -- Timo Aaltonen Thu, 22 Mar 2012 13:28:27 +0200 + +sssd (1.2.1-4.4) unstable; urgency=low + + * Non-maintainer upload. + * Fix FTBFS with -Werror=format-security. Thanks Philippe De Swert for patch. + (Closes: #643806). + + -- Hector Oron Sun, 19 Feb 2012 19:33:04 +0000 + +sssd (1.2.1-4.3) unstable; urgency=medium + + * Non-maintainer upload. + * Adjust install path to consider GNU triplet (Closes: #640626). + + -- Luca Falavigna Tue, 20 Sep 2011 20:02:34 +0200 + +sssd (1.2.1-4.2) unstable; urgency=low + + * Non-maintainer upload. + * debian/sssd.install + - updated location for ldb modules; Closes: #618159 + + -- Sandro Tosi Fri, 03 Jun 2011 23:53:59 +0200 + +sssd (1.2.1-4.1) unstable; urgency=medium + + * Non-maintainer upload by the Security Team + * Fix CVE-2010-4341 (Closes: #610032) + + -- Moritz Muehlenhoff Tue, 25 Jan 2011 22:09:21 +0100 + +sssd (1.2.1-4) unstable; urgency=low + + * Add patch from Stephen Gallagher to ensure LDAP authentication + never accept a zero length password (Closes: #594413). Solves + CVE-2010-2940. + + -- Petter Reinholdtsen Wed, 25 Aug 2010 22:33:40 +0200 + +sssd (1.2.1-3) unstable; urgency=low + + [ Petter Reinholdtsen ] + * Look for /etc/default/sssd, not /etc/defaults/sssd in init.d + script (Closes: #588252). + * Make sssd.conf generation more robust, and make sure missing SRV + records are ignored and not handled as host names. + * Add code in generate-config to look up Kerberos realm using + _kerberos TXT record in DNS if it exist. + * Recommend bind9-host used by generate-config for SRV and TXT + lookups. + + [ Morten Werner Forsbring ] + * Check if /etc/default/sssd is a file and executable, not a directory, + before sourcing in init-script. Thanks to lintian. + + -- Morten Werner Forsbring Thu, 12 Aug 2010 16:31:14 +0200 + +sssd (1.2.1-2) unstable; urgency=low + + * Make sure init.d script sources /etc/default/sssd (Closes: #588252). + * Drop /etc/default/sssd from package, to avoid conffile question + from dpkg during upgrades. + * Make sure to only remove obsolete sssd conffiles on upgrades, not + on first time installation. + * Add new script generate-config and call it from the sssd postinst + during first time installation to try to generate the sssd.conf + file dynamically for LDAP and Kerberos using DNS entries, and fall + back to the static example configuration if this fail. + * Let sssd suggest libnss-sss and libpam-sss, to make those + installing sssd aware of the other packages. + * Add netgroup to nsswitch.conf entries added at first time + installation, to make sure those installing now get working + netgroups when sssd get netgroup support + * Let sssd recommend ldap-utils as ldapsearch is used for generating + the configuration. + + -- Petter Reinholdtsen Fri, 06 Aug 2010 23:44:26 +0200 + +sssd (1.2.1-1) unstable; urgency=low + + [ Petter Reinholdtsen ] + * Move calls to pam-auth-update from the package scripts in sssd to + libpam-sss, and correct prerm call to remove the correct pam config. + Add versioned dependency on libpam-runtime to make sure + pam-auth-update is available. + * Add code to the postinst and postrm of libnss-sss to update + passwd, group and shadow entries in /etc/nsswitch.conf. + * Make sure init.d/sssd start after $named, to ensure it can look up + in DNS also when the DNS server is on the local machine. + + [ Morten Werner Forsbring ] + * New upstream release. + + -- Morten Werner Forsbring Thu, 24 Jun 2010 14:16:30 +0200 + +sssd (1.2.0-1) unstable; urgency=low + + [ Petter Reinholdtsen ] + * New upstream release. + - Add libsemanage1-dev as build dependency, as it is now required. + - Drop python-build-with-deb-layout.dpatch, now handled upstream. + - Adjust provide-default-working-sssd-config-file.dpatch to + work with new package source layout and config file content. + - Adjust build rules to cope with server/ changing to src/ in the + source tarball. + - Add --enable-krb5-locator-plugin to keep building the plugin. + * Change the pam-auth-update configuration to make the session + script optional instead of sufficient, to make sure the other + session modules are executed too. + * Change initial pam password entry from requisite to sufficient, + to make sure local users can have their password set even if + sssd is enabled. + * Rename pam-configs/sssd to pam-configs/sss, to have a name that + is consistent with the package name libpam-sss. + * Add VCS links to the GIT repository. + * Move configuration API documentation from /etc/sssd/ to + /usr/share/doc/sssd/. It is not configuration and do not belong + in /etc/. + * Drop autoconf, automake, libtool, m4 and autotools-dev from + build-depends. There is no need to regenerate the build files any + more. + + [ Morten Werner Forsbring ] + * Add dnsutils as build-dependency. + + -- Morten Werner Forsbring Tue, 01 Jun 2010 20:41:59 +0200 + +sssd (1.0.5-1) unstable; urgency=low + + * Initial upload based on package from Ubuntu (Closes: #579593). + * Update standards-version from 3.8.3 to 3.8.4. No changes needed. + * Add init.d script and rename sssd.upstart to sssd.upstart.ubuntu + to make sure init.d script is installed instead of upstart job. + * Add draft pam-auth-update configuration based on proposals in + Launcepad bug #557398. + * Update address to FSF in copyright file. Thanks lintian. + * Set section for python-sss to python after advice from lintian. + * Rewrite python-build-with-deb-layout.dpatch to patch Makefile.in + instead of Makefile.am, to avoid having to run autoreconf. + * Make sssd depend on python for its upgrade script. + * Extend clean rule to remove generated file server/config/.files. + * Make sure sssd.api.conf is installed into the sssd package, and + put it in /etc/sssd/sssd.api.conf. Fixes typo in Ubuntu package. + + -- Petter Reinholdtsen Wed, 05 May 2010 21:53:29 +0200 + +sssd (1.0.5-0ubuntu1) lucid; urgency=low + + * New upstream bugfix release. (LP: #510290) + * sssd.dirs: Add /var/lib/sss/pubconf (LP: #557394) + + -- Timo Aaltonen Fri, 16 Apr 2010 11:37:16 +0300 + +sssd (1.0.2-0ubuntu2) lucid; urgency=low + + * No change rebuild due to libldb downgrade + + -- Scott Kitterman Fri, 02 Apr 2010 17:48:19 -0400 + +sssd (1.0.2-0ubuntu1) lucid; urgency=low + + * New upstream release (LP: #473262): + - python API for managing sssd daemon configuration and + native SSSD users. + - support for asynchronous cache refreshes. + - support password changing in LDAP and Kerberos providers. + - support for server failover. + * debian/control: + - update tdb build dependency to use libtdb-dev. + - add libselinux1-dev and libsasl2-dev build dependencies. + * debian/sssd.upstart: replace init script with an upstart job. + * Turn sssd.conf into a configuration file. + * Create sssd log directory. + + -- Mathias Gug Tue, 19 Jan 2010 15:17:13 -0500 + +sssd (0.5.0-0ubuntu2) karmic; urgency=low + + * debian/libnss-sss.overrides, debian/sssd.overrides: + + Fix linitian errors and warnings (LP: #425697): + sssd ships an nss library - these are false-positives. + * debian/fix-dbus-watch.dpatch: Update dbus-patch to final + upstream version. + * debian/fix-proxy-segfault.dpatch: Fix proxy enumeration. + + -- Mathias Gug Wed, 09 Sep 2009 20:21:04 -0400 + +sssd (0.5.0-0ubuntu1) karmic; urgency=low + + * Initial release. + + -- Mathias Gug Mon, 24 Aug 2009 16:35:11 -0400 --- sssd-1.13.4.orig/debian/compat +++ sssd-1.13.4/debian/compat @@ -0,0 +1 @@ +9 --- sssd-1.13.4.orig/debian/control +++ sssd-1.13.4/debian/control @@ -0,0 +1,442 @@ +Source: sssd +Section: utils +Priority: extra +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian SSSD Team +Uploaders: Timo Aaltonen +Build-Depends: + autopoint, +# check, + cifs-utils, + debhelper (>= 9), + dh-apparmor, + dh-autoreconf, + dh-python, + dh-systemd (>= 1.5), + dnsutils, + docbook-xml, + docbook-xsl, + dpkg-dev (>= 1.16.1~), + krb5-config, + libaugeas-dev, + libc-ares-dev, +# libcmocka-dev [amd64 armhf i386], + libcollection-dev, + libdbus-1-dev, + libdhash-dev, + libglib2.0-dev, + libini-config-dev, + libkeyutils-dev [linux-any], + libkrb5-dev (>= 1.12), + libldap2-dev, + libldb-dev, + libltdl-dev, + libnfsidmap-dev, + libnl-3-dev [linux-any], + libnl-route-3-dev [linux-any], + libnspr4-dev, + libnss-wrapper, + libnss3-dev, + libpam0g-dev | libpam-dev, + libpcre3-dev, + libpopt-dev, + libsasl2-dev, + libselinux1-dev [linux-any], + libsemanage1-dev [linux-any], + libsmbclient-dev, + libsystemd-dev [linux-any], + libtalloc-dev, + libtdb-dev, + libtevent-dev, + libuid-wrapper, + libxml2-utils, + lsb-release, + python-dev (>= 2.6.6-3~), + python-setuptools, + python3-dev, + python3-setuptools, + quilt, + samba-dev (>= 2:4.1.13), + systemd, + xml-core, + xsltproc +X-Python-Version: >= 2.6 +X-Python3-Version: >= 3.3 +Standards-Version: 3.9.6 +Vcs-Git: git://anonscm.debian.org/pkg-sssd/sssd.git +Vcs-Browser: http://anonscm.debian.org/cgit/pkg-sssd/sssd.git +Homepage: https://fedorahosted.org/sssd/ + +Package: sssd +Section: metapackages +Architecture: any +Multi-Arch: foreign +Pre-Depends: ${misc:Pre-Depends} +Depends: + python-sss (= ${binary:Version}), + sssd-ad (= ${binary:Version}), + sssd-common (= ${binary:Version}), + sssd-ipa (= ${binary:Version}), + sssd-krb5 (= ${binary:Version}), + sssd-ldap (= ${binary:Version}), + sssd-proxy (= ${binary:Version}), + ${misc:Depends} +Description: System Security Services Daemon -- metapackage + Provides a set of daemons to manage access to remote directories and + authentication mechanisms. It provides an NSS and PAM interface toward + the system and a pluggable backend system to connect to multiple different + account sources. It is also the basis to provide client auditing and policy + services for projects like FreeIPA. + . + This package is a metapackage which installs the daemon and existing + authentication back ends. + +Package: sssd-common +Architecture: any +Depends: python, python-sss, ${misc:Depends}, ${shlibs:Depends}, + adduser, +Recommends: bind9-host, libnss-sss, libpam-sss, libsss-sudo +Suggests: apparmor, sssd-tools +Breaks: sssd (<< 1.10.0~beta2-1), + sssd-krb5-common (<< 1.13.1-1), +Replaces: sssd (<< 1.10.0~beta2-1), + sssd-krb5-common (<< 1.13.1-1), +Description: System Security Services Daemon -- common files + Provides a set of daemons to manage access to remote directories and + authentication mechanisms. It provides an NSS and PAM interface toward + the system and a pluggable backend system to connect to multiple different + account sources. It is also the basis to provide client auditing and policy + services for projects like FreeIPA. + . + This package provides the daemon and other common files needed by the + authentication back ends. + +Package: sssd-ad +Architecture: any +Depends: + libsss-idmap0 (= ${binary:Version}), + sssd-ad-common (= ${binary:Version}), + sssd-common (= ${binary:Version}), + sssd-krb5-common (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Breaks: sssd (<< 1.10.0~beta2-1) +Replaces: sssd (<< 1.10.0~beta2-1) +Description: System Security Services Daemon -- Active Directory back end + Provides the Active Directory back end that the SSSD can utilize to fetch + identity data from and authenticate against an Active Directory server. + +Package: sssd-ad-common +Architecture: any +Depends: sssd-common (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} +Breaks: sssd (<< 1.10.0~beta2-1) +Replaces: sssd (<< 1.10.0~beta2-1) +Description: System Security Services Daemon -- PAC responder + Provides the PAC responder that the AD and IPA backends can use for + fetching additional attributes from the kerberos ticket. + +Package: sssd-dbus +Architecture: any +Depends: sssd-common (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} +Description: System Security Services Daemon -- D-Bus responder + Provides the D-Bus responder called InfoPipe, that allows the information + from the SSSD to be transmitted over the system bus. + +Package: sssd-ipa +Architecture: any +Depends: + libipa-hbac0 (= ${binary:Version}), + libsss-idmap0 (= ${binary:Version}), + sssd-ad-common (= ${binary:Version}), + sssd-common (= ${binary:Version}), + sssd-krb5-common (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Breaks: sssd (<< 1.10.0~beta2-1) +Replaces: sssd (<< 1.10.0~beta2-1) +Description: System Security Services Daemon -- IPA back end + Provides the IPA back end that the SSSD can utilize to fetch identity data + from and authenticate against an IPA server. + +Package: sssd-krb5 +Architecture: any +Depends: + sssd-common (= ${binary:Version}), + sssd-krb5-common (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Breaks: sssd (<< 1.10.0~beta2-1) +Replaces: sssd (<< 1.10.0~beta2-1) +Description: System Security Services Daemon -- Kerberos back end + Provides the Kerberos back end that the SSSD can utilize authenticate + against a Kerberos server. + +Package: sssd-krb5-common +Architecture: any +Depends: sssd-common (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} +Recommends: libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal +Breaks: sssd (<< 1.10.0~beta2-1) +Replaces: sssd (<< 1.10.0~beta2-1) +Description: System Security Services Daemon -- Kerberos helpers + Provides helper processes that the LDAP and Kerberos back ends can use for + Kerberos user or host authentication. + +Package: sssd-ldap +Architecture: any +Depends: + libsss-idmap0 (= ${binary:Version}), + sssd-common (= ${binary:Version}), + sssd-krb5-common (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Recommends: ldap-utils +Suggests: libsasl2-modules-ldap +Breaks: sssd (<< 1.10.0~beta2-1) +Replaces: sssd (<< 1.10.0~beta2-1) +Description: System Security Services Daemon -- LDAP back end + Provides the LDAP back end that the SSSD can utilize to fetch identity data + from and authenticate against an LDAP server. + +Package: sssd-proxy +Architecture: any +Depends: sssd-common (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} +Breaks: sssd (<< 1.10.0~beta2-1) +Replaces: sssd (<< 1.10.0~beta2-1) +Description: System Security Services Daemon -- proxy back end + Provides the proxy back end which can be used to wrap an existing NSS and/or + PAM modules to leverage SSSD caching. + +Package: sssd-tools +Architecture: any +Depends: + python, + sssd-common (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Description: System Security Services Daemon -- tools + Provides a set of daemons to manage access to remote directories and + authentication mechanisms. It provides an NSS and PAM interface toward + the system and a pluggable backend system to connect to multiple different + account sources. It is also the basis to provide client auditing and policy + services for projects like FreeIPA. + . + This package provides tools to manage users, groups and nested groups when + using the local id provider. + +Package: libnss-sss +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Pre-Depends: ${misc:Pre-Depends} +Recommends: sssd +Multi-Arch: same +Description: Nss library for the System Security Services Daemon + Provides a set of daemons to manage access to remote directories and + authentication mechanisms. It provides an NSS and PAM interface toward + the system and a pluggable backend system to connect to multiple different + account sources. It is also the basis to provide client auditing and policy + services for projects like FreeIPA. + . + This package provide the nss library to connect to the sssd daemon. + +Package: libpam-sss +Architecture: any +Depends: + libpam-pwquality (>= 1.2.2-1), + libpam-runtime (>= 1.0.1-6), + ${misc:Depends}, + ${shlibs:Depends} +Recommends: sssd +Multi-Arch: same +Description: Pam module for the System Security Services Daemon + Provides a set of daemons to manage access to remote directories and + authentication mechanisms. It provides an NSS and PAM interface toward + the system and a pluggable backend system to connect to multiple different + account sources. It is also the basis to provide client auditing and policy + services for projects like FreeIPA. + . + This package provide the pam module to connect to the sssd daemon. + +Package: libipa-hbac0 +Section: libs +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: FreeIPA HBAC Evaluator library + Utility library to validate FreeIPA HBAC rules for authorization requests. + +Package: libipa-hbac-dev +Section: libdevel +Architecture: any +Depends: libipa-hbac0 (= ${binary:Version}), ${misc:Depends} +Description: FreeIPA HBAC Evaluator library + Utility library to validate FreeIPA HBAC rules for authorization requests. + . + This package contains header files and symlinks to develop programs which will + use the libipa-hbac library. + +Package: libsss-idmap0 +Section: libs +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: ID mapping library for SSSD + Utility library to convert SIDs to Unix uids and gids. + +Package: libsss-idmap-dev +Section: libdevel +Architecture: any +Depends: libsss-idmap0 (= ${binary:Version}), ${misc:Depends} +Description: ID mapping library for SSSD -- development files + Utility library to convert SIDs to Unix uids and gids. + . + This package contains header files and symlinks to develop programs which will + use the libsss-idmap library. + +Package: libsss-nss-idmap0 +Section: libs +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: SID based lookups library for SSSD + Utility library for SID based lookups. + +Package: libsss-nss-idmap-dev +Section: libdevel +Architecture: any +Depends: libsss-nss-idmap0 (= ${binary:Version}), ${misc:Depends} +Description: SID based lookups library for SSSD -- development files + Utility library for SID based lookups. + . + This package contains header files and symlinks to develop programs which will + use the libsss-nss-idmap library. + +Package: libsss-sudo +Section: libs +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Replaces: libsss-sudo-dev (<= 1.9.3) +Description: Communicator library for sudo + Utility library to allow communication between sudo and SSSD for caching + sudo rules by SSSD. + +Package: libsss-simpleifp0 +Section: libs +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends}, + sssd-dbus (= ${binary:Version}), +Description: SSSD D-Bus responder helper library + Provides library that simplifies D-Bus API for the SSSD InfoPipe responder. + +Package: libsss-simpleifp-dev +Section: libdevel +Architecture: any +Depends: libsss-simpleifp0 (= ${binary:Version}), ${misc:Depends} +Description: SSSD D-Bus responder helper library -- development files + Provides library that simplifies D-Bus API for the SSSD InfoPipe responder. + . + This package contains header files and symlinks to develop programs which will + use the libsss-simpleifp0 library. + +Package: libwbclient-sssd +Section: libs +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: SSSD libwbclient implementation + The SSSD libwbclient implementation. + +Package: libwbclient-sssd-dev +Section: libdevel +Architecture: any +Depends: libwbclient-sssd (= ${binary:Version}), ${misc:Depends}, +Description: SSSD libwbclient implementation -- development files + The SSSD libwbclient implementation. + . + This package contains header files and symlinks to develop programs which will + use the libwbclient-sssd library. + +Package: python-libipa-hbac +Section: python +Architecture: any +Depends: + libipa-hbac0 (= ${binary:Version}), + ${misc:Depends}, + ${python:Depends}, + ${shlibs:Depends} +Description: Python bindings for the FreeIPA HBAC Evaluator library + The libipa_hbac-python contains the bindings so that libipa_hbac can be + used by Python applications. + . + This package installs the library for Python 2. + +Package: python-libsss-nss-idmap +Section: python +Architecture: any +Depends: + libsss-nss-idmap0 (= ${binary:Version}), + ${misc:Depends}, + ${python:Depends}, + ${shlibs:Depends} +Description: Python bindings for the SID lookups library + This package contains the bindings for libnss_sss_idmap to be used by + Python applications. + . + This package installs the library for Python 2. + +Package: python-sss +Section: python +Architecture: any +Depends: ${misc:Depends}, ${python:Depends}, ${shlibs:Depends} +Provides: ${python:Provides} +Recommends: sssd +Description: Python module for the System Security Services Daemon + Provides a set of daemons to manage access to remote directories and + authentication mechanisms. It provides an NSS and PAM interface toward + the system and a pluggable backend system to connect to multiple different + account sources. It is also the basis to provide client auditing and policy + services for projects like FreeIPA. + . + This package provide a module to access the configuration of the sssd daemon. + . + This package installs the library for Python 2. + +Package: python3-libipa-hbac +Section: python +Architecture: any +Depends: + libipa-hbac0 (= ${binary:Version}), + ${misc:Depends}, + ${python3:Depends}, + ${shlibs:Depends} +Description: Python3 bindings for the FreeIPA HBAC Evaluator library + The libipa_hbac-python contains the bindings so that libipa_hbac can be + used by Python applications. + . + This package installs the library for Python 3. + +Package: python3-libsss-nss-idmap +Section: python +Architecture: any +Depends: + libsss-nss-idmap0 (= ${binary:Version}), + ${misc:Depends}, + ${python3:Depends}, + ${shlibs:Depends} +Description: Python3 bindings for the SID lookups library + This package contains the bindings for libnss_sss_idmap to be used by + Python applications. + . + This package installs the library for Python 3. + +Package: python3-sss +Section: python +Architecture: any +Depends: ${misc:Depends}, ${python3:Depends}, ${shlibs:Depends} +Provides: ${python3:Provides} +Recommends: sssd +Description: Python3 module for the System Security Services Daemon + Provides a set of daemons to manage access to remote directories and + authentication mechanisms. It provides an NSS and PAM interface toward + the system and a pluggable backend system to connect to multiple different + account sources. It is also the basis to provide client auditing and policy + services for projects like FreeIPA. + . + This package provide a module to access the configuration of the sssd daemon. + . + This package installs the library for Python 3. --- sssd-1.13.4.orig/debian/copyright +++ sssd-1.13.4/debian/copyright @@ -0,0 +1,222 @@ +This package was debianized by Mathias Gug on +Wed, 05 Aug 2009 08:58:56 +0100. + +It was downloaded from https://fedorahosted.org/sssd/ + +Upstream Authors: + Dmitri Pal + Jakub Hrozek + Simo Sorce + Stephen Gallagher + Sumit Bose + +Copyright: + + Copyright (C) Red Hat 2008, 2009 + + Copyright (C) Dmitri Pal 2009 + Copyright (C) Jakub Hrozek 2009 + Copyright (C) Simo Sorce 2007, 2008, 2009 + Copyright (C) Stephen Gallagher 2008,2009 + Copyright (C) Sumit Bose 2009 + + Copyright (C) Andrew Bartlett 2002 + Copyright (C) Andrew Tridgell 1992-2006 + Copyright (C) James J Myers 2003 + Copyright (C) Jelmer Vernooij 2002, 2006, 2007 + Copyright (C) Jeremy Allison 1998-2002, 2007 + Copyright (C) Martin Pool 2002 + Copyright (C) Michael Adam 2008 + Copyright (C) Tim Potter 2000 + Copyright (c) 1997 Kungliga Tekniska Högskolan + + Copyright (c) 1996-2005, The PostgreSQL Global Development Group + Copyright (c) 1994, The Regents of the University of California + Copyright (c) 1996-2007, PostgreSQL Global Development Group + Copyright (C) 1996-2001 Internet Software Consortium. + + +License: + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +The Debian packaging is Copyright (C) Canonical Ltd 2009 and is licensed under +the GPL-3 or later, see `/usr/share/common-licenses/GPL-3'. + +======================== +replace/repdir_getdents.c +replace/test/testsuite.c +replace/test/main.c +replace/getpass.c +replace/replace.c +replace/socketpair.c +replace/inet_ntoa.c +replace/strptime.c +replace/inet_aton.c +replace/dlfcn.c +replace/repdir_getdirentries.c +common/collection/* +common/ini/* +======================== +License: LGPL3 or later - see `/usr/share/common-licenses/LGPL-3'. + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, see . + + +=================== +sss_client/group.c +sss_client/common.c +sss_client/passwd.c +=================== +License: LGPL (v2.1 or later) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of the + License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, + USA. + + +===================== +replace/getaddrinfo.c +replace/getaddrinfo.h +===================== + + Permission to use, copy, modify, and distribute this software and its + documentation for any purpose, without fee, and without a written agreement + is hereby granted, provided that the above copyright notice and this paragraph + and the following two paragraphs appear in all copies. + + IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY PARTY FOR + DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING + LOST PROFITS, ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, + EVEN IF THE UNIVERSITY OF CALIFORNIA HAS BEEN ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + + THE UNIVERSITY OF CALIFORNIA SPECIFICALLY DISCLAIMS ANY WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS + ON AN "AS IS" BASIS, AND THE UNIVERSITY OF CALIFORNIA HAS NO OBLIGATIONS + TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. + +=================== +replace/inet_pton.c +replace/inet_ntop.c +=================== +License: ISC + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM + DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, + INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING + FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, + NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION + WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +================ +replace/timegm.c +================ +License: BSD (3 clause) + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + 3. Neither the name of the Institute nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + +================== +replace/snprintf.c +================== + + This code is based on code written by Patrick Powell (papowell@astart.com) + It may be used for any purpose as long as this notice remains intact + on all source code distributions + +=========================== +sss_client/sss_cli.h +sss_client/protos.h +sss_client/sss_pam_macros.h +sss_client/sss_errno.h +=========================== + + You can used this header file in any way you see fit provided copyright + notices are preserved. + +============================= +server/resolv/ares/ares_dns.h +============================= + + * Permission to use, copy, modify, and distribute this + * software and its documentation for any purpose and without + * fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright + * notice and this permission notice appear in supporting + * documentation, and that the name of M.I.T. not be used in + * advertising or publicity pertaining to distribution of the + * software without specific, written prior permission. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" + * without express or implied warranty. + +============================= +server/util/nss_sha512crypt.c +============================= + + Released into the Public Domain by Ulrich Drepper . --- sssd-1.13.4.orig/debian/generate-config +++ sssd-1.13.4/debian/generate-config @@ -0,0 +1,136 @@ +#!/bin/sh + +# Generate sssd.conf setup dynamically based on autodetectet LDAP +# and Kerberos server. + +set -e + +# See if we can find an LDAP server. Prefer ldap.domain, but also +# accept SRV records if no ldap.domain server is found. +lookup_ldap_uri() { + domain="$1" + if ping -c2 ldap.$domain > /dev/null 2>&1; then + echo ldap://ldap.$domain + else + host=$(host -N 2 -t SRV _ldap._tcp.$domain | grep -v NXDOMAIN | awk '{print $NF}' | head -1) + if [ "$host" ] ; then + echo ldap://$host | sed 's/\.$//' + fi + fi +} + +lookup_ldap_base() { + ldapuri="$1" + defaultcontext="$(ldapsearch -LLL -H "$ldapuri" -x -b '' -s base defaultNamingContext 2>/dev/null | awk '/^defaultNamingContext: / { print $2}')" + if [ -z "$defaultcontext" ] ; then + # If there are several contexts, pick the first one with + # posixAccount or posixGroup objects in it. + for context in $(ldapsearch -LLL -H "$ldapuri" -x -b '' \ + -s base namingContexts 2>/dev/null | \ + awk '/^namingContexts: / { print $2}') ; do + if ldapsearch -LLL -H $ldapuri -x -b "$context" -s sub -z 1 \ + '(|(objectClass=posixAccount)(objectclass=posixGroup))' 2>&1 | \ + egrep -q '^dn:|^Administrative limit exceeded' ; then + echo $context + return + fi + done + fi + echo $defaultcontext +} + +lookup_kerberos_server() { + domain="$1" + if ping -c2 kerberos.$domain > /dev/null 2>&1; then + echo kerberos.$domain + else + host=$(host -t SRV _kerberos._tcp.$domain | grep -v NXDOMAIN | awk '{print $NF}'|head -1) + if [ "$host" ] ; then + echo $host | sed 's/\.$//' + fi + fi +} + +lookup_kerberos_realm() { + domain="$1" + realm=$(host -t txt _kerberos.$domain | grep -v NXDOMAIN | awk '{print $NF}'|head -1|tr -d '"') + if [ -z "$realm" ] ; then + realm=$(echo $domain | tr a-z A-Z) + fi + echo $realm +} + + +generate_config() { + if [ "$1" ] ; then + domain=$1 + else + domain="$(hostname -d)" + fi + kerberosrealm=$(lookup_kerberos_realm $domain) + ldapuri=$(lookup_ldap_uri "$domain") + if [ -z "$ldapuri" ]; then + # autodetection failed + return + fi + + ldapbase="$(lookup_ldap_base "$ldapuri")" + if [ -z "$ldapbase" ]; then + # autodetection failed + return + fi + kerberosserver=$(lookup_kerberos_server "$domain") + +cat <&2 + exit 1 + ;; +esac --- sssd-1.13.4.orig/debian/libpam-sss.install +++ sssd-1.13.4/debian/libpam-sss.install @@ -0,0 +1,2 @@ +lib/*/security/pam_sss.so +usr/share/man/man8/pam_sss.8* --- sssd-1.13.4.orig/debian/libpam-sss.pam-auth-update +++ sssd-1.13.4/debian/libpam-sss.pam-auth-update @@ -0,0 +1,22 @@ +Name: SSS authentication +Default: yes +Priority: 128 + +Auth-Type: Primary +Auth: + [success=end default=ignore] pam_sss.so use_first_pass +Auth-Initial: + [success=end default=ignore] pam_sss.so forward_pass +Account-Type: Additional +Account: + sufficient pam_localuser.so + [default=bad success=ok user_unknown=ignore] pam_sss.so +Session-Type: Additional +Session-Interactive-Only: yes +Session: + optional pam_sss.so +Password-Type: Primary +Password: + sufficient pam_sss.so use_authtok +Password-Initial: + sufficient pam_sss.so --- sssd-1.13.4.orig/debian/libpam-sss.postinst +++ sssd-1.13.4/debian/libpam-sss.postinst @@ -0,0 +1,40 @@ +#!/bin/sh +# postinst script for sssd +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + configure) + pam-auth-update --package + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 --- sssd-1.13.4.orig/debian/libpam-sss.prerm +++ sssd-1.13.4/debian/libpam-sss.prerm @@ -0,0 +1,8 @@ +#! /bin/sh -e + + +if [ "$1" = remove ] && [ "${DPKG_MAINTSCRIPT_PACKAGE_REFCOUNT:-1}" = 1 ]; then + pam-auth-update --package --remove sss +fi + +#DEBHELPER# --- sssd-1.13.4.orig/debian/libsss-idmap-dev.install +++ sssd-1.13.4/debian/libsss-idmap-dev.install @@ -0,0 +1,3 @@ +usr/include/sss_idmap.h +usr/lib/*/libsss_idmap.so +usr/lib/*/pkgconfig/sss_idmap.pc --- sssd-1.13.4.orig/debian/libsss-idmap0.install +++ sssd-1.13.4/debian/libsss-idmap0.install @@ -0,0 +1 @@ +usr/lib/*/libsss_idmap.so.* --- sssd-1.13.4.orig/debian/libsss-nss-idmap-dev.install +++ sssd-1.13.4/debian/libsss-nss-idmap-dev.install @@ -0,0 +1,3 @@ +usr/include/sss_nss_idmap.h +usr/lib/*/libsss_nss_idmap.so +usr/lib/*/pkgconfig/sss_nss_idmap.pc --- sssd-1.13.4.orig/debian/libsss-nss-idmap0.install +++ sssd-1.13.4/debian/libsss-nss-idmap0.install @@ -0,0 +1 @@ +usr/lib/*/libsss_nss_idmap.so.* --- sssd-1.13.4.orig/debian/libsss-simpleifp-dev.install +++ sssd-1.13.4/debian/libsss-simpleifp-dev.install @@ -0,0 +1,4 @@ +usr/include/sss_sifp* +usr/lib/*/libsss_simpleifp.so +usr/lib/*/pkgconfig/sss_simpleifp.pc + --- sssd-1.13.4.orig/debian/libsss-simpleifp0.install +++ sssd-1.13.4/debian/libsss-simpleifp0.install @@ -0,0 +1,2 @@ +usr/lib/*/libsss_simpleifp.so.* + --- sssd-1.13.4.orig/debian/libsss-sudo.install +++ sssd-1.13.4/debian/libsss-sudo.install @@ -0,0 +1 @@ +usr/lib/*/libsss_sudo.so --- sssd-1.13.4.orig/debian/libsss-sudo.lintian-overrides +++ sssd-1.13.4/debian/libsss-sudo.lintian-overrides @@ -0,0 +1 @@ +shlib-without-versioned-soname usr/lib/*/libsss_sudo.so libsss_sudo.so --- sssd-1.13.4.orig/debian/libsss-sudo.postinst +++ sssd-1.13.4/debian/libsss-sudo.postinst @@ -0,0 +1,53 @@ +#!/bin/sh + +set -e + +case "$1" in + configure) + ldconfig + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +# This code was taken from libnss-myhostname, which got it from nss-mdns: + +log() { + echo "$*" +} + +# try to insert sss entries to the sudoers line in /etc/nsswitch.conf to +# automatically enable libsss-sudo support; do not change the configuration +# if the lines already references some sss lookups +insert_nss_entry() { + log "Checking NSS setup..." + # abort if /etc/nsswitch.conf does not exist + if ! [ -e /etc/nsswitch.conf ]; then + log "Could not find /etc/nsswitch.conf." + return + fi + + if grep -q ^sudoers /etc/nsswitch.conf; then + # append 'sss' to the end of the line if it's not found already + sed -i --regexp-extended ' + /^(sudoers):/ { + /\bsss\b/! s/$/ sss/ + } + ' /etc/nsswitch.conf + else + echo "sudoers: files sss" >> /etc/nsswitch.conf + fi +} + +insert_nss_entry + + +exit 0 --- sssd-1.13.4.orig/debian/libsss-sudo.postrm +++ sssd-1.13.4/debian/libsss-sudo.postrm @@ -0,0 +1,44 @@ +#!/bin/sh +set -e + +#DEBHELPER# + +# This code was taken from libnss-myhostname, which got it from nss-mdns: + +log() { + echo "$*" +} + +remove_nss_entry() { + log "Checking NSS setup..." + # abort if /etc/nsswitch.conf does not exist + if ! [ -e /etc/nsswitch.conf ]; then + log "Could not find /etc/nsswitch.conf." + return + fi + sed -i --regexp-extended ' + /^(sudoers):/ { + s/\bsss\b//g + s/[[:space:]]+$// + } + ' /etc/nsswitch.conf + + # delete sudoers line if only default entry left" + if ! [ -z "grep \"^sudoers: files$\" /etc/nsswitch.conf" ]; then + sed -i /^sudoers:/d /etc/nsswitch.conf + fi +} + +case "$1" in + remove|purge) + remove_nss_entry + ldconfig + ;; + upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac --- sssd-1.13.4.orig/debian/libwbclient-sssd-dev.install +++ sssd-1.13.4/debian/libwbclient-sssd-dev.install @@ -0,0 +1,3 @@ +usr/include/wbclient_sssd.h +usr/lib/*/pkgconfig/wbclient_sssd.pc +usr/lib/*/sssd/modules/libwbclient.so --- sssd-1.13.4.orig/debian/libwbclient-sssd.install +++ sssd-1.13.4/debian/libwbclient-sssd.install @@ -0,0 +1,2 @@ +usr/lib/*/sssd/modules/libwbclient.so.* + --- sssd-1.13.4.orig/debian/patches/gpo-add-unity-to-ad-gpo-map-interactive.diff +++ sssd-1.13.4/debian/patches/gpo-add-unity-to-ad-gpo-map-interactive.diff @@ -0,0 +1,52 @@ +commit 89376da80b2250b82d256ea85ec349ce29fe5b51 +Author: Stephen Gallagher +Date: Thu May 5 10:44:24 2016 -0400 + + GPO: Add "unity" to ad_gpo_map_interactive + + Ubuntu systems use "unity" as their screen-locker. Without this in the + defaults, people often get locked out of their machines when the screen + locks. + + Resolves: + https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1578415 + + Reviewed-by: Lukáš Slebodník + +diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml +index dc17a2f..265409e 100644 +--- a/src/man/sssd-ad.5.xml ++++ b/src/man/sssd-ad.5.xml +@@ -439,6 +439,11 @@ ad_gpo_map_interactive = +my_pam_service, -login + + + ++ unity ++ ++ ++ ++ + xdm + + +diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c +index 3029ffe..22ac803 100644 +--- a/src/providers/ad/ad_gpo.c ++++ b/src/providers/ad/ad_gpo.c +@@ -188,6 +188,7 @@ int ad_gpo_process_cse_recv(struct tevent_req *req); + #define GPO_LIGHTDM "lightdm" + #define GPO_LXDM "lxdm" + #define GPO_SDDM "sddm" ++#define GPO_UNITY "unity" + #define GPO_XDM "xdm" + #define GPO_SSHD "sshd" + #define GPO_FTP "ftp" +@@ -209,7 +210,7 @@ struct gpo_map_option_entry { + const char *gpo_map_interactive_defaults[] = + {GPO_LOGIN, GPO_SU, GPO_SU_L, + GPO_GDM_FINGERPRINT, GPO_GDM_PASSWORD, GPO_GDM_SMARTCARD, GPO_KDM, +- GPO_LIGHTDM, GPO_LXDM, GPO_SDDM, GPO_XDM, NULL}; ++ GPO_LIGHTDM, GPO_LXDM, GPO_SDDM, GPO_UNITY, GPO_XDM, NULL}; + const char *gpo_map_remote_interactive_defaults[] = {GPO_SSHD, GPO_COCKPIT, + NULL}; + const char *gpo_map_network_defaults[] = {GPO_FTP, GPO_SAMBA, NULL}; --- sssd-1.13.4.orig/debian/patches/ipa-terminate-if-view-name-fails.diff +++ sssd-1.13.4/debian/patches/ipa-terminate-if-view-name-fails.diff @@ -0,0 +1,37 @@ +From 1e052649e15f5830ffbc6ba0dc4a78c49a3a95ba Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Tue, 19 Apr 2016 15:07:18 +0200 +Subject: [PATCH] IPA: terminate properly if view name lookup fails + +Since commit 5a5f1e1053415efaa99bb4d5bc7ce7ac0a95b757 the view name +lookup is the last step in the subdomain lookup request. In case of an +error the request should be finished and no previous step should be +called again. + +Resolves https://fedorahosted.org/sssd/ticket/2993 +--- + src/providers/ipa/ipa_subdomains.c | 8 +------- + 1 file changed, 1 insertion(+), 7 deletions(-) + +diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c +index bcc6347fa0c53939bb60cff2e903e1db6e2bb6b6..bfe770be6f8c94478baecd1bb88cedc222586187 100644 +--- a/src/providers/ipa/ipa_subdomains.c ++++ b/src/providers/ipa/ipa_subdomains.c +@@ -840,13 +840,7 @@ static void ipa_get_view_name_done(struct tevent_req *req) + if (ret == EOPNOTSUPP || ret == EIO) { + DEBUG(SSSDBG_TRACE_FUNC, "get_view_name request failed, looks " \ + "like server does not support views.\n"); +- ret = ipa_check_master(ctx); +- if (ret == EAGAIN) { +- return; +- } else if (ret != EOK) { +- goto done; +- } +- ++ ret = EOK; + } else { + DEBUG(SSSDBG_OP_FAILURE, "get_view_name request failed.\n"); + } +-- +2.1.0 + --- sssd-1.13.4.orig/debian/patches/pidfile-creation.diff +++ sssd-1.13.4/debian/patches/pidfile-creation.diff @@ -0,0 +1,281 @@ +Description: Mark SSSD as started after all responders are up. + This patch fixes the sssd boot process for upstart and sssd + creating the pidfile after the responders are up and using it + to determine when the service is ready/started. + +Origin: upstream, commit: d4063e9a21a4e203bee7e0a0144fa8cabb14cc46 +Author: Victor Tapia +Bug: https://fedorahosted.org/sssd/ticket/3080 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1566508 +Reviewed-By: Rafael Tinoco +Last-Update: 2017-03-07 + +--- a/configure.ac ++++ b/configure.ac +@@ -343,10 +343,6 @@ + AM_CHECK_SEMANAGE + fi + +-if test x$HAVE_SYSTEMD_UNIT != x; then +- AM_CHECK_SYSTEMD +-fi +- + dnl If journald was selected for logging, configure journald + if test x$syslog = xjournald; then + AM_CHECK_JOURNALD +--- a/Makefile.am ++++ b/Makefile.am +@@ -1102,6 +1102,7 @@ + $(INOTIFY_LIBS) \ + $(LIBNL_LIBS) \ + $(KEYUTILS_LIBS) \ ++ $(SYSTEMD_DAEMON_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) + + sssd_nss_SOURCES = \ +--- a/src/external/systemd.m4 ++++ b/src/external/systemd.m4 +@@ -1,28 +1,44 @@ +-dnl There are no module libsystemd-journal and libsystem-login +-dnl up systemd version 209 ++dnl A macro to check presence of systemd on the system ++PKG_CHECK_EXISTS([systemd], ++ [HAVE_SYSTEMD=yes], ++ [HAVE_SYSTEMD=no]) ++ ++dnl Libraries libsystemd-journal and libsystem-login are deprecarted ++dnl since systemd 209 and are removed in systemd 230. The library libsystemd ++dnl is replacement of libsystemd-{login,journal,daemon,id128} libraries + PKG_CHECK_EXISTS([libsystemd], + [HAVE_LIBSYSTEMD=yes], + [HAVE_LIBSYSTEMD=no]) + +-dnl A macro to check presence of systemd on the system +-AC_DEFUN([AM_CHECK_SYSTEMD], +-[ +- PKG_CHECK_EXISTS(systemd, +- [ HAVE_SYSTEMD=1, AC_SUBST(HAVE_SYSTEMD) ], +- [AC_MSG_ERROR([Could not detect systemd presence])]) +-]) +- + AS_IF([test x$HAVE_LIBSYSTEMD = xyes], + [login_lib_name=libsystemd], + [login_lib_name=libsystemd-login]) + +-AM_COND_IF([HAVE_SYSTEMD], +- [PKG_CHECK_MODULES([SYSTEMD_LOGIN], +- [$login_lib_name], +- [AC_DEFINE_UNQUOTED([HAVE_SYSTEMD_LOGIN], 1, +- [Build with libsystemdlogin support]) +- ], +- [AC_MSG_NOTICE([Build without libsystemd-login support])])]) ++AS_IF([test x$HAVE_SYSTEMD = xyes], ++ [AC_DEFINE_UNQUOTED([HAVE_SYSTEMD], 1, [Build with systemd support])], ++ [AC_MSG_NOTICE([Build without systemd support])]) ++ ++AS_IF([test x$HAVE_SYSTEMD = xyes], ++ [PKG_CHECK_MODULES( ++ [SYSTEMD_LOGIN], ++ [$login_lib_name], ++ [AC_DEFINE_UNQUOTED([HAVE_SYSTEMD_LOGIN], 1, ++ [Build with $login_lib_name support])], ++ [AC_MSG_NOTICE([Build without $login_lib_name support])])], ++ [AC_MSG_NOTICE([Build without $login_lib_name support])]) ++ ++AS_IF([test x$HAVE_LIBSYSTEMD = xyes], ++ [daemon_lib_name=libsystemd], ++ [daemon_lib_name=libsystemd-daemon]) ++ ++AS_IF([test x$HAVE_SYSTEMD = xyes], ++ [PKG_CHECK_MODULES( ++ [SYSTEMD_DAEMON], ++ [$daemon_lib_name], ++ [AC_DEFINE_UNQUOTED([HAVE_SYSTEMD_DAEMON], 1, ++ [Build with $daemon_lib_name support])], ++ [AC_MSG_NOTICE([Build without $daemon_lib_name support])])], ++ [AC_MSG_NOTICE([Build without $daemon_lib_name support])]) + + dnl A macro to check presence of journald on the system + AC_DEFUN([AM_CHECK_JOURNALD], +--- a/src/monitor/monitor.c ++++ b/src/monitor/monitor.c +@@ -55,6 +55,10 @@ + #include + #endif + ++#ifdef HAVE_SYSTEMD ++#include ++#endif ++ + /* ping time cannot be less then once every few seconds or the + * monitor will get crazy hammering children with messages */ + #define MONITOR_DEF_PING_TIME 10 +@@ -77,7 +81,6 @@ + + /* name of the monitor server instance */ + #define MONITOR_NAME "sssd" +-#define SSSD_PIDFILE_PATH PID_PATH"/"MONITOR_NAME".pid" + + /* Special value to leave the Kerberos Replay Cache set to use + * the libkrb5 defaults +@@ -170,6 +173,7 @@ + struct netlink_ctx *nlctx; + const char *conf_path; + struct sss_sigchild_ctx *sigchld_ctx; ++ bool pid_file_created; + bool is_daemon; + pid_t parent_pid; + +@@ -431,7 +435,30 @@ + ctx->started_services++; + } + +- if (ctx->started_services == ctx->num_services) { ++ /* create the pid file if all services are alive */ ++ if (!ctx->pid_file_created && ctx->started_services == ctx->num_services) { ++ DEBUG(SSSDBG_TRACE_FUNC, ++ "All services have successfully started, creating pid file\n"); ++ ret = pidfile(PID_PATH, MONITOR_NAME); ++ if (ret != EOK) { ++ DEBUG(SSSDBG_FATAL_FAILURE, ++ "Error creating pidfile: %s/%s.pid! (%d [%s])\n", ++ PID_PATH, MONITOR_NAME, ret, strerror(ret)); ++ kill(getpid(), SIGTERM); ++ } ++ ++ ctx->pid_file_created = true; ++ ++#ifdef HAVE_SYSTEMD ++ DEBUG(SSSDBG_TRACE_FUNC, "Sending startup notification to systemd\n"); ++ ret = sd_notify(0, "READY=1"); ++ if (ret < 0) { ++ DEBUG(SSSDBG_CRIT_FAILURE, ++ "Error sending notification to systemd %d: %s\n", ++ -ret, strerror(-ret)); ++ } ++#endif ++ + /* Initialization is complete, terminate parent process if in daemon + * mode. Make sure we send the signal to the right process */ + if (ctx->is_daemon) { +@@ -1476,7 +1503,7 @@ + int ret; + + errno = 0; +- ret = unlink(SSSD_PIDFILE_PATH); ++ ret = unlink(SSSD_PIDFILE); + if (ret == -1) { + ret = errno; + DEBUG(SSSDBG_FATAL_FAILURE, +@@ -1698,6 +1725,7 @@ + return ENOMEM; + } + ++ ctx->pid_file_created = false; + talloc_set_destructor((TALLOC_CTX *)ctx, monitor_ctx_destructor); + + cdb_file = talloc_asprintf(ctx, "%s/%s", DB_PATH, CONFDB_FILE); +@@ -2949,8 +2977,6 @@ + return 6; + } + +- /* we want a pid file check */ +- flags |= FLAGS_PID_FILE; + /* the monitor should not run a watchdog on itself */ + flags |= FLAGS_NO_WATCHDOG; + +@@ -3018,6 +3044,15 @@ + } + } + ++ /* Check if the SSSD is already running */ ++ ret = check_file(SSSD_PIDFILE, 0, 0, S_IFREG|0600, 0, NULL, false); ++ if (ret == EOK) { ++ DEBUG(SSSDBG_FATAL_FAILURE, ++ "pidfile exists at %s\n", SSSD_PIDFILE); ++ ERROR("SSSD is already running\n"); ++ return 2; ++ } ++ + /* Parse config file, fail if cannot be done */ + ret = load_configuration(tmp_ctx, config_file, &monitor); + if (ret != EOK) { +--- a/src/sysv/sssd.in ++++ b/src/sysv/sssd.in +@@ -40,6 +40,8 @@ + LOCK_FILE=@localstatedir@/lock/subsys/sssd + PID_FILE=@localstatedir@/run/sssd.pid + ++TIMEOUT=15 ++ + start() { + [ -x $SSSD ] || exit 5 + echo -n $"Starting $prog: " +@@ -47,6 +49,19 @@ + RETVAL=$? + echo + [ "$RETVAL" = 0 ] && touch $LOCK_FILE ++ ++ # Wait for pidfile creation or timeout ++ sec=0 ++ [ "$RETVAL" = 0 ] && while [ $sec -lt $TIMEOUT -a ! -f $PID_FILE ] ++ do ++ sleep 1 ++ sec=$(($sec+1)) ++ done ++ ++ if [ "$sec" = "$TIMEOUT" ]; then ++ RETVAL=-1 ++ fi ++ + return $RETVAL + } + +--- a/src/sysv/systemd/sssd.service.in ++++ b/src/sysv/systemd/sssd.service.in +@@ -1,16 +1,13 @@ + [Unit] + Description=System Security Services Daemon + # SSSD must be running before we permit user sessions +-Before=systemd-user-sessions.service nss-user-lookup.target ++Before=systemd-user-sessions.service nss-user-lookup.target autofs.service + Wants=nss-user-lookup.target + + [Service] +-EnvironmentFile=-@environment_file@ +-ExecStart=@sbindir@/sssd -D -f +-# These two should be used with traditional UNIX forking daemons +-# consult systemd.service(5) for more details +-Type=forking +-PIDFile=@localstatedir@/run/sssd.pid ++ExecStart=@sbindir@/sssd -i -f ++Type=notify ++NotifyAccess=main + + [Install] + WantedBy=multi-user.target +--- a/src/tools/tools_util.h ++++ b/src/tools/tools_util.h +@@ -27,9 +27,6 @@ + + #include "util/util.h" + +-#define SSSD_PIDFILE ""PID_PATH"/sssd.pid" +-#define MAX_PID_LENGTH 10 +- + #define BAD_POPT_PARAMS(pc, msg, val, label) do { \ + usage(pc, msg); \ + val = EXIT_FAILURE; \ +--- a/src/util/util.h ++++ b/src/util/util.h +@@ -53,6 +53,10 @@ + #include "util/sss_format.h" + #include "util/debug.h" + ++/* name of the monitor server instance */ ++#define SSSD_PIDFILE PID_PATH"/sssd.pid" ++#define MAX_PID_LENGTH 10 ++ + #define _(STRING) gettext (STRING) + + #define ENUM_INDICATOR "*" --- sssd-1.13.4.orig/debian/patches/restart_providers_on_timeshift.patch +++ sssd-1.13.4/debian/patches/restart_providers_on_timeshift.patch @@ -0,0 +1,362 @@ +Description: Restart the providers after a time shift has been detected + This patch backports the watchdog from 1.14 and restarts the providers + using the already implemented SIGUSR2 for method .resetOffline (used after + netlink detects an interface change). By doing this, events like LDAP + connection retries will be executed immediately instead of having to wait + the time shifted (potentially hours) to get to its normal schedule. + +Author: Victor Tapia +Bug: https://fedorahosted.org/sssd/ticket/3285 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1641875 +Last-Update: 2017-02-22 + +diff -Nur 1/Makefile.am 2/Makefile.am +--- 1/Makefile.am 2016-04-13 16:48:41.000000000 +0200 ++++ 2/Makefile.am 2017-02-09 18:01:11.591435099 +0100 +@@ -867,6 +867,7 @@ + src/util/well_known_sids.c \ + src/util/string_utils.c \ + src/util/become_user.c \ ++ src/util/util_watchdog.c \ + $(NULL) + libsss_util_la_CFLAGS = \ + $(AM_CFLAGS) \ +diff -Nur 1/src/monitor/monitor.c 2/src/monitor/monitor.c +--- 1/src/monitor/monitor.c 2016-04-13 16:48:41.000000000 +0200 ++++ 2/src/monitor/monitor.c 2017-02-09 18:01:06.307249928 +0100 +@@ -2951,6 +2951,8 @@ + + /* we want a pid file check */ + flags |= FLAGS_PID_FILE; ++ /* the monitor should not run a watchdog on itself */ ++ flags |= FLAGS_NO_WATCHDOG; + + /* Open before server_setup() does to have logging + * during configuration checking */ +diff -Nur 1/src/util/server.c 2/src/util/server.c +--- 1/src/util/server.c 2016-04-13 16:48:41.000000000 +0200 ++++ 2/src/util/server.c 2017-02-09 18:01:05.827233115 +0100 +@@ -459,6 +459,7 @@ + struct tevent_signal *tes; + struct logrotate_ctx *lctx; + char *locale; ++ int watchdog_interval; + + ret = chown_debug_file(NULL, uid, gid); + if (ret != EOK) { +@@ -642,6 +643,24 @@ + return ret; + } + } ++ ++ /* Setup the internal watchdog */ ++ ret = confdb_get_int(ctx->confdb_ctx, conf_entry, ++ CONFDB_DOMAIN_TIMEOUT, ++ 0, &watchdog_interval); ++ if (ret != EOK) { ++ DEBUG(SSSDBG_FATAL_FAILURE, "Error reading from confdb (%d) [%s]\n", ++ ret, strerror(ret)); ++ return ret; ++ } ++ ++ if ((flags & FLAGS_NO_WATCHDOG) == 0) { ++ ret = setup_watchdog(ctx->event_ctx, watchdog_interval); ++ if (ret != EOK) { ++ DEBUG(SSSDBG_CRIT_FAILURE, "Watchdog setup failed.\n"); ++ return ret; ++ } ++ } + + sss_log(SSS_LOG_INFO, "Starting up"); + +diff -Nur 1/src/util/util.h 2/src/util/util.h +--- 1/src/util/util.h 2016-04-13 16:48:41.000000000 +0200 ++++ 2/src/util/util.h 2017-02-09 18:01:05.839233536 +0100 +@@ -83,6 +83,21 @@ + #define FLAGS_DAEMON 0x0001 + #define FLAGS_INTERACTIVE 0x0002 + #define FLAGS_PID_FILE 0x0004 ++#define FLAGS_NO_WATCHDOG 0x0010 ++ ++#define PIPE_INIT { -1, -1 } ++ ++#define PIPE_FD_CLOSE(fd) do { \ ++ if (fd != -1) { \ ++ close(fd); \ ++ fd = -1; \ ++ } \ ++} while(0); ++ ++#define PIPE_CLOSE(p) do { \ ++ PIPE_FD_CLOSE(p[0]); \ ++ PIPE_FD_CLOSE(p[1]); \ ++} while(0); + + #ifndef talloc_zfree + #define talloc_zfree(ptr) do { talloc_free(discard_const(ptr)); ptr = NULL; } while(0) +@@ -587,4 +602,8 @@ + */ + int sss_unique_filename(TALLOC_CTX *owner, char *path_tmpl); + ++/* from util_watchdog.c */ ++int setup_watchdog(struct tevent_context *ev, int interval); ++void teardown_watchdog(void); ++ + #endif /* __SSSD_UTIL_H__ */ +diff -Nur 1/src/util/util_watchdog.c 2/src/util/util_watchdog.c +--- 1/src/util/util_watchdog.c 1970-01-01 01:00:00.000000000 +0100 ++++ 2/src/util/util_watchdog.c 2017-02-09 18:01:05.815232695 +0100 +@@ -0,0 +1,253 @@ ++/* ++ SSSD ++ ++ Timer Watchdog routines ++ ++ Copyright (C) Simo Sorce 2016 ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 3 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program. If not, see . ++*/ ++ ++#include "util/util.h" ++ ++#define WATCHDOG_DEF_INTERVAL 10 ++#define WATCHDOG_MAX_TICKS 3 ++#define DEFAULT_BUFFER_SIZE 4096 ++ ++/* this is intentionally a global variable */ ++struct watchdog_ctx { ++ timer_t timerid; ++ struct timeval interval; ++ struct tevent_timer *te; ++ volatile int ticks; ++ ++ /* To detect time shift. */ ++ struct tevent_context *ev; ++ int input_interval; ++ time_t timestamp; ++ struct tevent_fd *tfd; ++ int pipefd[2]; ++} watchdog_ctx; ++ ++static void watchdog_detect_timeshift(void) ++{ ++ time_t prev_time; ++ time_t cur_time; ++ ++ prev_time = watchdog_ctx.timestamp; ++ cur_time = watchdog_ctx.timestamp = time(NULL); ++ if (cur_time < prev_time) { ++ /* Time shift detected. We need to restart watchdog. */ ++ if (write(watchdog_ctx.pipefd[1], "1", 1) != 1) { ++ if (getpid() == getpgrp()) { ++ kill(-getpgrp(), SIGTERM); ++ } else { ++ _exit(1); ++ } ++ } ++ } ++} ++ ++/* the watchdog is purposefully *not* handled by the tevent ++ * signal handler as it is meant to check if the daemon is ++ * still processing the event queue itself. A stuck process ++ * may not handle the event queue at all and thus not handle ++ * signals either */ ++static void watchdog_handler(int sig) ++{ ++ ++ watchdog_detect_timeshift(); ++ ++ /* if a pre-defined number of ticks passed by kills itself */ ++ if (__sync_add_and_fetch(&watchdog_ctx.ticks, 1) > WATCHDOG_MAX_TICKS) { ++ if (getpid() == getpgrp()) { ++ kill(-getpgrp(), SIGTERM); ++ } else { ++ _exit(1); ++ } ++ } ++} ++ ++static void watchdog_reset(void) ++{ ++ __sync_and_and_fetch(&watchdog_ctx.ticks, 0); ++} ++ ++static void watchdog_event_handler(struct tevent_context *ev, ++ struct tevent_timer *te, ++ struct timeval current_time, ++ void *private_data) ++{ ++ /* first thing reset the watchdog ticks */ ++ watchdog_reset(); ++ ++ /* then set a new watchodg event */ ++ watchdog_ctx.te = tevent_add_timer(ev, ev, ++ tevent_timeval_current_ofs(watchdog_ctx.interval.tv_sec, 0), ++ watchdog_event_handler, NULL); ++ /* if the function fails the watchdog will kill the ++ * process soon enough, so we just warn */ ++ if (!watchdog_ctx.te) { ++ DEBUG(SSSDBG_FATAL_FAILURE, ++ "Failed to create a watchdog timer event!\n"); ++ } ++} ++ ++static errno_t watchdog_fd_recv_data(int fd) ++{ ++ ssize_t len; ++ char buffer[DEFAULT_BUFFER_SIZE]; ++ errno_t ret; ++ ++ errno = 0; ++ len = read(fd, buffer, DEFAULT_BUFFER_SIZE); ++ if (len == -1) { ++ if (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR) { ++ return EAGAIN; ++ } else { ++ ret = errno; ++ DEBUG(SSSDBG_CRIT_FAILURE, ++ "write failed [%d]: %s\n", ret, strerror(ret)); ++ return ret; ++ } ++ } ++ ++ return EOK; ++} ++ ++static void watchdog_fd_read_handler(struct tevent_context *ev, ++ struct tevent_fd *fde, ++ uint16_t flags, ++ void *data) ++{ ++ errno_t ret; ++ ++ ret = watchdog_fd_recv_data(watchdog_ctx.pipefd[0]); ++ switch(ret) { ++ case EAGAIN: ++ DEBUG(SSSDBG_TRACE_ALL, ++ "Interrupted before any data could be read, retry later.\n"); ++ return; ++ case EOK: ++ /* all fine */ ++ break; ++ default: ++ DEBUG(SSSDBG_FATAL_FAILURE, ++ "Failed to receive data [%d]: %s. " ++ "orderly_shutdown() will be called.\n", ret, strerror(ret)); ++ orderly_shutdown(1); ++ } ++ ++ DEBUG(SSSDBG_IMPORTANT_INFO, "Time shift detected, " ++ "restarting watchdog!\n"); ++ if (getpid() == getpgrp()) { ++ kill(-getpgrp(), SIGUSR2); ++ } ++} ++ ++int setup_watchdog(struct tevent_context *ev, int interval) ++{ ++ struct sigevent sev; ++ struct itimerspec its; ++ struct tevent_fd *tfd; ++ int signum = SIGRTMIN; ++ int ret; ++ ++ ZERO_STRUCT(sev); ++ CatchSignal(signum, watchdog_handler); ++ ++ sev.sigev_notify = SIGEV_SIGNAL; ++ sev.sigev_signo = signum; ++ sev.sigev_value.sival_ptr = &watchdog_ctx.timerid; ++ errno = 0; ++ ret = timer_create(CLOCK_MONOTONIC, &sev, &watchdog_ctx.timerid); ++ if (ret == -1) { ++ ret = errno; ++ DEBUG(SSSDBG_FATAL_FAILURE, ++ "Failed to create watchdog timer (%d) [%s]\n", ++ ret, strerror(ret)); ++ return ret; ++ } ++ ++ if (interval == 0) { ++ interval = WATCHDOG_DEF_INTERVAL; ++ } ++ watchdog_ctx.interval.tv_sec = interval; ++ watchdog_ctx.interval.tv_usec = 0; ++ ++ watchdog_ctx.ev = ev; ++ watchdog_ctx.input_interval = interval; ++ watchdog_ctx.timestamp = time(NULL); ++ ++ ret = pipe(watchdog_ctx.pipefd); ++ if (ret == -1) { ++ ret = errno; ++ DEBUG(SSSDBG_FATAL_FAILURE, ++ "pipe failed [%d] [%s].\n", ret, strerror(ret)); ++ return ret; ++ } ++ ++ sss_fd_nonblocking(watchdog_ctx.pipefd[0]); ++ sss_fd_nonblocking(watchdog_ctx.pipefd[1]); ++ ++ tfd = tevent_add_fd(ev, (TALLOC_CTX *)ev, watchdog_ctx.pipefd[0], ++ TEVENT_FD_READ, watchdog_fd_read_handler, NULL); ++ watchdog_ctx.tfd = tfd; ++ ++ /* Start the timer */ ++ /* we give 1 second head start to the watchdog event */ ++ its.it_value.tv_sec = interval + 1; ++ its.it_value.tv_nsec = 0; ++ its.it_interval.tv_sec = interval; ++ its.it_interval.tv_nsec = 0; ++ errno = 0; ++ ret = timer_settime(watchdog_ctx.timerid, 0, &its, NULL); ++ if (ret == -1) { ++ ret = errno; ++ DEBUG(SSSDBG_FATAL_FAILURE, ++ "Failed to create watchdog timer (%d) [%s]\n", ++ ret, strerror(ret)); ++ return ret; ++ } ++ ++ /* Add the watchdog event and make it fire as fast as the timer */ ++ watchdog_event_handler(ev, NULL, tevent_timeval_zero(), NULL); ++ ++ return EOK; ++} ++ ++void teardown_watchdog(void) ++{ ++ int ret; ++ ++ /* Disarm the timer */ ++ errno = 0; ++ ret = timer_delete(watchdog_ctx.timerid); ++ if (ret == -1) { ++ ret = errno; ++ DEBUG(SSSDBG_FATAL_FAILURE, ++ "Failed to destroy watchdog timer (%d) [%s]\n", ++ ret, strerror(ret)); ++ } ++ ++ /* Free the tevent_fd */ ++ talloc_zfree(watchdog_ctx.tfd); ++ ++ /* Close the pipefds */ ++ PIPE_FD_CLOSE(watchdog_ctx.pipefd[0]); ++ PIPE_FD_CLOSE(watchdog_ctx.pipefd[1]); ++ ++ /* and kill the watchdog event */ ++ talloc_free(watchdog_ctx.te); ++} --- sssd-1.13.4.orig/debian/patches/sanitize_newline.diff +++ sssd-1.13.4/debian/patches/sanitize_newline.diff @@ -0,0 +1,31 @@ +Description: Sanitize newline and return carriage characters + Introducing valid usernames with trailing newline or return carriage + characters triggers the removal of valid LDB cache entries. This patch + sanitizes these characters in order to fix the LDAP query, addressing + the issue. + +Author: Victor Tapia +Bug: https://pagure.io/SSSD/sssd/issue/3317 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1669712 +Last-Update: 2017-03-10 + +--- sssd-1.13.4/src/util/util.c 2016-04-13 16:48:41.000000000 +0200 ++++ sssd/src/util/util.c 2017-03-10 13:16:23.605399778 +0100 +@@ -586,6 +589,16 @@ + output[j++] = '5'; + output[j++] = 'c'; + break; ++ case '\r': ++ output[j++] = '\\'; ++ output[j++] = '0'; ++ output[j++] = 'd'; ++ break; ++ case '\n': ++ output[j++] = '\\'; ++ output[j++] = '0'; ++ output[j++] = 'a'; ++ break; + default: + output[j++] = input[i]; + } + --- sssd-1.13.4.orig/debian/patches/series +++ sssd-1.13.4/debian/patches/series @@ -0,0 +1,5 @@ +ipa-terminate-if-view-name-fails.diff +gpo-add-unity-to-ad-gpo-map-interactive.diff +restart_providers_on_timeshift.patch +pidfile-creation.diff +sanitize_newline.diff --- sssd-1.13.4.orig/debian/python-libipa-hbac.install +++ sssd-1.13.4/debian/python-libipa-hbac.install @@ -0,0 +1 @@ +usr/lib/python2*/dist-packages/pyhbac.so --- sssd-1.13.4.orig/debian/python-libsss-nss-idmap.install +++ sssd-1.13.4/debian/python-libsss-nss-idmap.install @@ -0,0 +1 @@ +usr/lib/python2*/dist-packages/pysss_nss_idmap.so --- sssd-1.13.4.orig/debian/python-sss.install +++ sssd-1.13.4/debian/python-sss.install @@ -0,0 +1,3 @@ +usr/lib/python2*/dist-packages/SSSDConfig/*.py +usr/lib/python2*/dist-packages/pysss.so +usr/lib/python2*/dist-packages/pysss_murmur.so --- sssd-1.13.4.orig/debian/python3-libipa-hbac.install +++ sssd-1.13.4/debian/python3-libipa-hbac.install @@ -0,0 +1 @@ +usr/lib/python3*/site-packages/pyhbac.so --- sssd-1.13.4.orig/debian/python3-libsss-nss-idmap.install +++ sssd-1.13.4/debian/python3-libsss-nss-idmap.install @@ -0,0 +1 @@ +usr/lib/python3*/site-packages/pysss_nss_idmap.so --- sssd-1.13.4.orig/debian/python3-sss.install +++ sssd-1.13.4/debian/python3-sss.install @@ -0,0 +1,3 @@ +usr/lib/python3*/dist-packages/SSSDConfig/*.py +usr/lib/python3*/site-packages/pysss.so +usr/lib/python3*/site-packages/pysss_murmur.so --- sssd-1.13.4.orig/debian/rules +++ sssd-1.13.4/debian/rules @@ -0,0 +1,99 @@ +#!/usr/bin/make -f +%: + dh $@ --with quilt,autoreconf,python2,python3,systemd \ + --parallel \ + --builddirectory=build + +DPKG_EXPORT_BUILDFLAGS = 1 +include /usr/share/dpkg/buildflags.mk + +CFLAGS = $(shell dpkg-buildflags --get CFLAGS) +CFLAGS += -I/usr/include/samba-4.0 + +export CK_DEFAULT_TIMEOUT=30 + +DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) + +APIDOCDIR = /usr/share/sssd +DISTRIBUTION = $(shell lsb_release -i | sed 's/.*:\t//') +INIT = init +PKGDATE = $(shell dpkg-parsechangelog | \ + awk -F" " '/^Date/ { print $$4 "/" $$3 "/" $$5 }' | \ + sed 's/Jan/01/;s/Feb/02/;s/Mar/03/;s/Apr/04/;s/May/05/;s/Jun/06/;s/Jul/07/;s/Aug/08/;s/Sep/09/;s/Oct/10/;s/Nov/11/;s/Dec/12/;s/\//\\\//g') +CURDATE = $(shell date +%m/%d/%Y | sed 's/\//\\\//g') +export CK_VERBOSITY=verbose + +ifeq ($(DISTRIBUTION), Ubuntu) + INIT = upstart +endif + +override_dh_auto_configure: + dh_auto_configure -- --enable-krb5-locator-plugin \ + --datadir=/usr/share/ \ + --with-ldb-lib-dir=/usr/lib/$(DEB_HOST_MULTIARCH)/ldb/modules/ldb \ + --with-krb5-plugin-path=/usr/lib/$(DEB_HOST_MULTIARCH)/krb5/plugins/krb5 \ + --enable-nsslibdir=/lib/$(DEB_HOST_MULTIARCH) \ + --enable-pammoddir=/lib/$(DEB_HOST_MULTIARCH)/security \ + --disable-static \ + --disable-rpath \ + --with-autofs \ + --with-ssh \ + --with-initscript=systemd --with-systemdunitdir=/lib/systemd/system \ + --with-sudo + +override_dh_auto_test: + export CK_TIMEOUT_MULTIPLIER=10 + dh_auto_test -- VERBOSE=yes + unset CK_TIMEOUT_MULTIPLIER + +override_dh_auto_install: + dh_auto_install --max-parallel=1 + +override_dh_fixperms: + dh_fixperms -Xkrb5_child -Xldap_child -Xselinux_child + +override_dh_install: + install -D -m755 $(CURDIR)/debian/generate-config \ + $(CURDIR)/debian/tmp/usr/share/sssd/generate-config + + mkdir -p $(CURDIR)/debian/libpam-sss/usr/share/pam-configs + install -m644 debian/libpam-sss.pam-auth-update \ + $(CURDIR)/debian/libpam-sss/usr/share/pam-configs/sss + install -m644 -D $(CURDIR)/debian/apparmor-profile \ + $(CURDIR)/debian/sssd-common/etc/apparmor.d/usr.sbin.sssd + + cat $(CURDIR)/debian/sssd-common.sssd.$(INIT).in > $(CURDIR)/debian/sssd-common.sssd.$(INIT) + cat $(CURDIR)/debian/sssd-common.sssd-autofs.$(INIT).in > $(CURDIR)/debian/sssd-common.sssd-autofs.$(INIT) + + # remove files we don't want to install + find $(CURDIR)/debian/tmp/ -name '*.la' -exec rm '{}' ';' + find $(CURDIR)/debian/tmp/ -name '*.pyc' -exec rm '{}' ';' + find $(CURDIR)/debian/tmp/ -name '*.egg-info' -exec rm '{}' ';' + rm -f $(CURDIR)/debian/tmp/etc/rc.d/init.d/sssd + + # match nn/nn/nnnn, replace with the date from changelog + sed -i 's/[0-1][0-9]\/[0-3][0-9]\/[0-9][0-9][0-9][0-9]/${PKGDATE}/g' $(CURDIR)/debian/tmp/usr/share/man/man*/* + + dh_install --fail-missing + +override_dh_python2: + dh_python2 --no-guessing-versions + +override_dh_installinit: + dh_apparmor -psssd-common --profile-name=usr.sbin.sssd + dh_installinit --name sssd --error-handler=invoke_failure + dh_installinit --name sssd-autofs --error-handler=invoke_failure + +override_dh_installdeb: + dh_installdeb + for pkg in sssd-common sssd-ipa sssd-krb5-common sssd-proxy; do \ + sed -i 's/@TRIPLET@/${DEB_HOST_MULTIARCH}/' \ + $(CURDIR)/debian/$$pkg/DEBIAN/postinst; \ + done + +override_dh_auto_clean: + dh_auto_clean + rm -f $(CURDIR)/debian/sssd-common.$(INIT) + rm -f $(CURDIR)/po/*.gmo + rm -f $(CURDIR)/src/config/*.pyc + rm -f $(CURDIR)/po/stamp-po --- sssd-1.13.4.orig/debian/source/format +++ sssd-1.13.4/debian/source/format @@ -0,0 +1 @@ +1.0 --- sssd-1.13.4.orig/debian/sssd-ad-common.install +++ sssd-1.13.4/debian/sssd-ad-common.install @@ -0,0 +1 @@ +usr/lib/*/sssd/sssd_pac --- sssd-1.13.4.orig/debian/sssd-ad.install +++ sssd-1.13.4/debian/sssd-ad.install @@ -0,0 +1,3 @@ +usr/lib/*/sssd/gpo_child +usr/lib/*/sssd/libsss_ad.so +usr/share/man/man5/sssd-ad.5* --- sssd-1.13.4.orig/debian/sssd-common.dirs +++ sssd-1.13.4/debian/sssd-common.dirs @@ -0,0 +1,9 @@ +etc/sssd +var/lib/sss +var/lib/sss/db +var/lib/sss/gpo_cache +var/lib/sss/mc +var/lib/sss/pipes +var/lib/sss/pipes/private +var/lib/sss/pubconf +var/log/sssd --- sssd-1.13.4.orig/debian/sssd-common.docs +++ sssd-1.13.4/debian/sssd-common.docs @@ -0,0 +1 @@ +BUILD.txt --- sssd-1.13.4.orig/debian/sssd-common.examples +++ sssd-1.13.4/debian/sssd-common.examples @@ -0,0 +1 @@ +src/examples/sssd-example.conf --- sssd-1.13.4.orig/debian/sssd-common.install +++ sssd-1.13.4/debian/sssd-common.install @@ -0,0 +1,38 @@ +lib/systemd/system/sssd.service +usr/bin/sss_ssh_authorizedkeys +usr/bin/sss_ssh_knownhostsproxy +usr/lib/*/cifs-utils/cifs_idmap_sss.so +usr/lib/*/krb5/plugins/authdata/sssd_pac_plugin.so +usr/lib/*/krb5/plugins/krb5/sssd_krb5_locator_plugin.so +usr/lib/*/ldb/modules/ldb/memberof.so +usr/lib/*/libnfsidmap/sss.so +usr/lib/*/sssd/libsss_cert.so +usr/lib/*/sssd/libsss_child.so +usr/lib/*/sssd/libsss_crypt.so +usr/lib/*/sssd/libsss_debug.so +usr/lib/*/sssd/libsss_krb5_common.so +usr/lib/*/sssd/libsss_ldap_common.so +usr/lib/*/sssd/libsss_semanage.so +usr/lib/*/sssd/libsss_simple.so +usr/lib/*/sssd/libsss_util.so +usr/lib/*/sssd/modules/libsss_autofs.so +usr/lib/*/sssd/modules/sssd_krb5_localauth_plugin.so +usr/lib/*/sssd/p11_child +usr/lib/*/sssd/sss_signal +usr/lib/*/sssd/sssd_autofs +usr/lib/*/sssd/sssd_be +usr/lib/*/sssd/sssd_nss +usr/lib/*/sssd/sssd_pam +usr/lib/*/sssd/sssd_ssh +usr/lib/*/sssd/sssd_sudo +usr/sbin/sssd +usr/share/locale/*/LC_MESSAGES/* +usr/share/man/man1/sss_ssh_authorizedkeys.1* +usr/share/man/man1/sss_ssh_knownhostsproxy.1* +usr/share/man/man5/sss_rpcidmapd.5* +usr/share/man/man5/sssd-simple.5* +usr/share/man/man5/sssd-sudo.5* +usr/share/man/man5/sssd.conf.5* +usr/share/man/man8/sssd.8* +usr/share/man/man8/sssd_krb5_locator_plugin.8* +usr/share/sssd/* --- sssd-1.13.4.orig/debian/sssd-common.lintian-overrides +++ sssd-1.13.4/debian/sssd-common.lintian-overrides @@ -0,0 +1 @@ +manpage-has-errors-from-man usr/share/man/man5/sssd-ldap.5.* --- sssd-1.13.4.orig/debian/sssd-common.logrotate +++ sssd-1.13.4/debian/sssd-common.logrotate @@ -0,0 +1,11 @@ +/var/log/sssd/*.log { + rotate 4 + weekly + missingok + notifempty + compress + delaycompress + postrotate + kill -HUP `cat /var/run/sssd.pid` > /dev/null 2>&1 || true + endscript +} --- sssd-1.13.4.orig/debian/sssd-common.manpages +++ sssd-1.13.4/debian/sssd-common.manpages @@ -0,0 +1 @@ +usr/share/man/man*/* --- sssd-1.13.4.orig/debian/sssd-common.postinst +++ sssd-1.13.4/debian/sssd-common.postinst @@ -0,0 +1,76 @@ +#!/bin/sh +# postinst script for sssd +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +OUT=/dev/null +HOME=/var/lib/sss +LIBDIR=/usr/lib/@TRIPLET@/sssd + +case "$1" in + configure) + if ! getent passwd sssd > $OUT; then + echo "Creating SSSD system user & group..." + adduser --quiet --system --home $HOME \ + --disabled-password --group \ + --gecos "SSSD system user" \ + sssd > $OUT + fi + chown sssd:sssd \ + $HOME/db \ + $HOME/gpo_cache \ + $HOME/mc \ + $HOME/pipes \ + $HOME/pipes/private \ + $HOME/pubconf \ + /etc/sssd \ + /var/log/sssd + chown root:sssd $LIBDIR/p11_child + + chmod 4754 $LIBDIR/p11_child + chmod 755 $HOME/gpo_cache $HOME/mc $HOME/pipes $HOME/pubconf + chmod 750 /var/log/sssd + chmod 711 /etc/sssd + chmod 700 $HOME/db $HOME/pipes/private + if [ -f /etc/sssd/sssd.conf ]; then + chown root:root /etc/sssd/sssd.conf + chmod 0600 /etc/sssd/sssd.conf + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +invoke_failure() { + # invoke-rc.d failed, likely because of a missing sssd.conf + if [ ! -s /etc/sssd/sssd.conf ]; then + echo "... because /etc/sssd/sssd.conf is not available yet" + fi +} + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 --- sssd-1.13.4.orig/debian/sssd-common.postrm +++ sssd-1.13.4/debian/sssd-common.postrm @@ -0,0 +1,53 @@ +#!/bin/sh +# postrm script for sssd +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `purge' +# * `upgrade' +# * `failed-upgrade' +# * `abort-install' +# * `abort-install' +# * `abort-upgrade' +# * `disappear' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + purge) + rm -f /etc/sssd/sssd.conf + if [ -d /etc/sssd ]; then + rmdir --ignore-fail-on-non-empty /etc/sssd/ + fi + rm -rf /var/log/sssd/ + if getent group dirsrv > /dev/null; then + deluser --system sssd + fi + ;; + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +# work around buggy dh_apparmor which doesn't do this for us +if [ "$1" = "purge" ]; then + rmdir /etc/apparmor.d/force-complain 2>/dev/null || true + rmdir /etc/apparmor.d 2>/dev/null || true +fi + +exit 0 --- sssd-1.13.4.orig/debian/sssd-common.preinst +++ sssd-1.13.4/debian/sssd-common.preinst @@ -0,0 +1,61 @@ +#!/bin/sh + +set -e + +# Remove a no-longer used conffile +# Copied from http://wiki.debian.org/DpkgConffileHandling +rm_conffile() { + local PKGNAME="$1" + local CONFFILE="$2" + + [ -e "$CONFFILE" ] || return 0 + + local md5sum="$(md5sum $CONFFILE | sed -e 's/ .*//')" + local old_md5sum="$(dpkg-query -W -f='${Conffiles}' $PKGNAME | \ + sed -n -e "\' $CONFFILE ' { s/ obsolete$//; s/.* //; p }")" + if [ "$md5sum" != "$old_md5sum" ]; then + echo "Obsolete conffile $CONFFILE has been modified by you." + echo "Saving as $CONFFILE.dpkg-bak ..." + mv -f "$CONFFILE" "$CONFFILE".dpkg-bak + else + echo "Removing obsolete conffile $CONFFILE ..." + mv -f "$CONFFILE" "$CONFFILE".dpkg-del + fi +} + +APP_PROFILE="usr.sbin.sssd" +APP_CONFFILE="/etc/apparmor.d/$APP_PROFILE" +APP_COMPLAIN="/etc/apparmor.d/force-complain/$APP_PROFILE" +APP_DISABLE="/etc/apparmor.d/disable/$APP_PROFILE" + +inst_complain_profile() { + # Create a symlink to the yet-to-be-unpacked profile + mkdir -p `dirname $APP_COMPLAIN` 2>/dev/null || true + ln -sf $APP_CONFFILE $APP_COMPLAIN +} + +case "$1" in +install) + # Force the AppArmor profile to complain mode on install + inst_complain_profile + ;; +upgrade) + if dpkg --compare-versions "$2" le "1.0.5-1"; then + rm_conffile sssd "/etc/sssd/sssd.api.conf" + rm_conffile sssd "/etc/sssd/sssd.api.d/sssd-proxy.conf" + rm_conffile sssd "/etc/sssd/sssd.api.d/sssd-simple.conf" + rm_conffile sssd "/etc/sssd/sssd.api.d/sssd-ipa.conf" + rm_conffile sssd "/etc/sssd/sssd.api.d/sssd-local.conf" + rm_conffile sssd "/etc/sssd/sssd.api.d/sssd-krb5.conf" + rm_conffile sssd "/etc/sssd/sssd.api.d/sssd-ldap.conf" + fi + if dpkg --compare-versions "$2" lt "1.10.0~beta2-1"; then + inst_complain_profile + if [ -e "$APP_DISABLE" ]; then + rm -f "$APP_DISABLE" + fi + fi + ;; +esac + +#DEBHELPER# --- sssd-1.13.4.orig/debian/sssd-common.prerm +++ sssd-1.13.4/debian/sssd-common.prerm @@ -0,0 +1,9 @@ +#! /bin/sh -e + +invoke_failure() { + # invoke-rc.d failed + return +} + +#DEBHELPER# + --- sssd-1.13.4.orig/debian/sssd-common.sssd-autofs.upstart.in +++ sssd-1.13.4/debian/sssd-common.sssd-autofs.upstart.in @@ -0,0 +1,8 @@ +description "Restart Autofs after SSSD starts on boot" +author "Victor Tapia " + +start on startup and (started sssd and started autofs) + +script + restart autofs +end script --- sssd-1.13.4.orig/debian/sssd-common.sssd.default +++ sssd-1.13.4/debian/sssd-common.sssd.default @@ -0,0 +1,10 @@ +# Defaults for sssd initscript +# sourced by /etc/init.d/sssd +# installed at /etc/default/sssd by the maintainer scripts + +# +# This is a POSIX shell fragment +# + +# Additional options that are passed to the Daemon. +DAEMON_OPTS="-D -f" --- sssd-1.13.4.orig/debian/sssd-common.sssd.init.in +++ sssd-1.13.4/debian/sssd-common.sssd.init.in @@ -0,0 +1,86 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: sssd +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Should-Start: $named +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: System Security Services Daemon +# Description: Provides a set of daemons to manage access to +# remote directories and authentication +# mechanisms. It provides an NSS and PAM interface +# toward the system and a pluggable backend system +# to connect to multiple different account sources. +### END INIT INFO +# start on filesystem +# stop on runlevel [06] + +DESCRIPTION="System Security Services Daemon" +PATH=/bin:/usr/bin:/sbin:/usr/sbin +NAME=sssd +DAEMON_OPTS="" +DAEMON=/usr/sbin/$NAME +PIDFILE=/var/run/$NAME.pid + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.2-14) to ensure that this file is present +# and status_of_proc is working. +. /lib/lsb/init-functions + +if [ -f /etc/default/sssd ] ; then + . /etc/default/sssd +fi + +initdmain() { + case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESCRIPTION" "$NAME" + start_daemon -p $PIDFILE $DAEMON $DAEMON_OPTS + RC=$? + case "$RC" in + 0) + [ "$VERBOSE" != no ] && log_end_msg $RC + ;; + *) + # Report error also when VERBOSE=no + log_daemon_msg "Starting $DESCRIPTION" "$NAME" + log_end_msg $RC + ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESCRIPTION" "$NAME" + killproc -p $PIDFILE $DAEMON + RC=$? + case "$RC" in + 0) + [ "$VERBOSE" != no ] && log_end_msg $RC + ;; + *) + # Report error also when VERBOSE=no + log_daemon_msg "Stopping $DESCRIPTION" "$NAME" + log_end_msg $RC + ;; + esac + ;; + force-reload|restart) + $0 stop + $0 start + ;; + status) + status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $? + ;; + *) + echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload|status}" + exit 1 + ;; + esac +} + +initdmain $@ + +exit 0 --- sssd-1.13.4.orig/debian/sssd-common.sssd.upstart.in +++ sssd-1.13.4/debian/sssd-common.sssd.upstart.in @@ -0,0 +1,44 @@ +# sssd - System Security Services Daemon +# +# Provides a set of daemons to manage access to remote directories and +# authentication mechanisms. It provides an NSS and PAM interface toward +# the system and a pluggable backend system to connect to multiple different +# account sources. + +description "System Security Services Daemon" + +start on (filesystem and net-device-up) +stop on runlevel [06] + +expect fork +respawn + +env DEFAULTFILE=/etc/default/sssd + +pre-start script + test -f /etc/sssd/sssd.conf || { stop; exit 0; } + /lib/init/apparmor-profile-load usr.sbin.sssd +end script + +script + if [ -f "$DEFAULTFILE" ]; then + . "$DEFAULTFILE" + fi + + exec sssd $DAEMON_OPTS +end script + +post-start script + # Wait until the responders are active to transition to started. + TIMEOUT=30 + sec=0 + while [ $sec -lt $TIMEOUT -a ! -f /var/run/sssd.pid ] + do + sleep 1 + sec=$(($sec+1)) + done + + if [ "$sec" -eq "$TIMEOUT" ]; then + stop + fi +end script --- sssd-1.13.4.orig/debian/sssd-dbus.install +++ sssd-1.13.4/debian/sssd-dbus.install @@ -0,0 +1,5 @@ +etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf +usr/lib/*/sssd/libsss_config.so +usr/lib/*/sssd/sssd_ifp +usr/share/dbus-1/system-services/org.freedesktop.sssd.infopipe.service +usr/share/man/man5/sssd-ifp.5 --- sssd-1.13.4.orig/debian/sssd-ipa.dirs +++ sssd-1.13.4/debian/sssd-ipa.dirs @@ -0,0 +1 @@ +var/lib/sss/keytabs --- sssd-1.13.4.orig/debian/sssd-ipa.install +++ sssd-1.13.4/debian/sssd-ipa.install @@ -0,0 +1,3 @@ +usr/lib/*/sssd/libsss_ipa.so +usr/lib/*/sssd/selinux_child +usr/share/man/man5/sssd-ipa.5* --- sssd-1.13.4.orig/debian/sssd-ipa.postinst +++ sssd-1.13.4/debian/sssd-ipa.postinst @@ -0,0 +1,16 @@ +#!/bin/sh +set -e + +LIBDIR=/usr/lib/@TRIPLET@/sssd + +case "$1" in + configure) + chown root:sssd $LIBDIR/selinux_child + chmod 4754 $LIBDIR/selinux_child + chown sssd:sssd /var/lib/sss/keytabs + chmod 700 /var/lib/sss/keytabs + ;; +esac + +#DEBHELPER# + --- sssd-1.13.4.orig/debian/sssd-krb5-common.dirs +++ sssd-1.13.4/debian/sssd-krb5-common.dirs @@ -0,0 +1,2 @@ +var/lib/sss/pubconf/krb5.include.d + --- sssd-1.13.4.orig/debian/sssd-krb5-common.install +++ sssd-1.13.4/debian/sssd-krb5-common.install @@ -0,0 +1,2 @@ +usr/lib/*/sssd/krb5_child +usr/lib/*/sssd/ldap_child --- sssd-1.13.4.orig/debian/sssd-krb5-common.postinst +++ sssd-1.13.4/debian/sssd-krb5-common.postinst @@ -0,0 +1,14 @@ +#!/bin/sh +set -e + +LIBDIR=/usr/lib/@TRIPLET@/sssd + +case "$1" in + configure) + chown root:sssd $LIBDIR/krb5_child $LIBDIR/ldap_child + chmod 4754 $LIBDIR/krb5_child $LIBDIR/ldap_child + ;; +esac + +#DEBHELPER# + --- sssd-1.13.4.orig/debian/sssd-krb5.install +++ sssd-1.13.4/debian/sssd-krb5.install @@ -0,0 +1,2 @@ +usr/lib/*/sssd/libsss_krb5.so +usr/share/man/man5/sssd-krb5.5* --- sssd-1.13.4.orig/debian/sssd-ldap.install +++ sssd-1.13.4/debian/sssd-ldap.install @@ -0,0 +1,2 @@ +usr/lib/*/sssd/libsss_ldap.so +usr/share/man/man5/sssd-ldap.5* --- sssd-1.13.4.orig/debian/sssd-proxy.install +++ sssd-1.13.4/debian/sssd-proxy.install @@ -0,0 +1,2 @@ +usr/lib/*/sssd/libsss_proxy.so +usr/lib/*/sssd/proxy_child --- sssd-1.13.4.orig/debian/sssd-proxy.postinst +++ sssd-1.13.4/debian/sssd-proxy.postinst @@ -0,0 +1,13 @@ +#!/bin/sh +set -e + +LIBDIR=/usr/lib/@TRIPLET@/sssd + +case "$1" in + configure) + chown root:sssd $LIBDIR/proxy_child + chmod 4754 $LIBDIR/proxy_child + ;; +esac + +#DEBHELPER# --- sssd-1.13.4.orig/debian/sssd-tools.install +++ sssd-1.13.4/debian/sssd-tools.install @@ -0,0 +1,24 @@ +usr/sbin/sss_cache +usr/sbin/sss_debuglevel +usr/sbin/sss_groupadd +usr/sbin/sss_groupdel +usr/sbin/sss_groupmod +usr/sbin/sss_groupshow +usr/sbin/sss_obfuscate +usr/sbin/sss_override +usr/sbin/sss_seed +usr/sbin/sss_useradd +usr/sbin/sss_userdel +usr/sbin/sss_usermod +usr/share/man/man8/sss_cache.8* +usr/share/man/man8/sss_debuglevel.8* +usr/share/man/man8/sss_groupadd.8* +usr/share/man/man8/sss_groupdel.8* +usr/share/man/man8/sss_groupmod.8* +usr/share/man/man8/sss_groupshow.8* +usr/share/man/man8/sss_obfuscate.8* +usr/share/man/man8/sss_override.8* +usr/share/man/man8/sss_seed.8* +usr/share/man/man8/sss_useradd.8* +usr/share/man/man8/sss_userdel.8* +usr/share/man/man8/sss_usermod.8* --- sssd-1.13.4.orig/debian/sssd.maintscript +++ sssd-1.13.4/debian/sssd.maintscript @@ -0,0 +1 @@ +rm_conffile /etc/logrotate.d/sssd 1.12.5-3~ --- sssd-1.13.4.orig/debian/upstream/signing-key.asc +++ sssd-1.13.4/debian/upstream/signing-key.asc @@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: SKS 1.1.3 + +mQGiBEXDdfURBACLDLdnY7LeLJ7fh3HQWojKuMtJGV3tmTRtt58XnEf/FPJae0MUXQDAKJM7 +MDYf0yDNT6Nq6WMQDAIHznFdGRTTSaD97kMeYO11i60FfZ9nM88XJCv0R+OiWh8d7ChCG6ri +v/AUeNtg++casIQNB8xK9HKLFBS1e+q3b+rXTS9crwCg7FWXqZoZrm4lPlBZQltfhzdmvn8D +/3CyvgtW5hwr7w+ScQcYnBxdVCtMPSEo541Ealjgq9Knn4sE9lnGjtG4RCYMT2Sideognk9A +h5nWOGynwta6cluCEqlF6ORJPKpAeqG1a2zpn3iSPbUiyRF+udta9sbwL0hsJTcPTGzvDZO/ +XtMoHSSyPi/Xum6R+jwISv7nTMQpA/0efY/Gy/SZrulBgQqKBMbaW2phvgRThph4n31IYrlS +B6tAqN0G7VL6AFcsiOJZPhu0TNqEOSYE6Mh5/YBwRPnrKMHZYXiKOeUrfjvURVq+l5dTX7KN +tbnCrhS+Rlgq1uin5L7g8QbAKMns32Mo1MxB5aN0YUL5pTbJuWL0Sb2Kb7QhSmFrdWIgSHJv +emVrIDxqaHJvemVrQHJlZGhhdC5jb20+iEYEEBECAAYFAkoAZ+EACgkQeiVVYja6o6PaUgCc +C1uIdzSouXkz/Hpc8WIq5bbdMCkAoIi6PtlzQuiCQgzN39VcFzIdnUfuiEYEEBECAAYFAkoA +aA0ACgkQWAkQHAJrbG8paQCgle0IkEHUEpBG3T+despZYg2KaIwAnRRsCazy6CeJfOuP0IVG +Y8FKWedYiEYEEBECAAYFAkoAcQUACgkQGliNByGNTpdfzgCfVdjXUF5AXkDJ78q2N9biKECo +GTEAoJWdxJJAI6kE54tSCay6LkqU49etiEgEEBECAAkFAkoAZiECBwAACgkQUDGHpI6P4rpH +YgCWJtMmuHsk2/znWsUfqALeXL3LXQCgpmRUJbjVee51ja2KSLRqslUZZ1KIXwQTEQIAIAUC +RcN19QIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEB7Gq3Uy57wlIcEAoKNgX8eyFiQn +ylJlOKUs7TJsxY4XAJiU6oXuJwZUMVPjZbcKiot+BqMKiQIcBBABAgAGBQJKAGrfAAoJEKqM +a5A1GvYd/CsP/1eHH2Ogbp9ycbPBc7pO5iLwBDPE81a4SMXqLcs0VS4Ps5d4gpjGo6CilNb6 +gi5GTK4gmpQqFHYmzRSacO5aYnwSeueGYpI+jMxDeQcbabwA9oquOhckYuQ4tM6Cmnwdiym4 +0RsIA+8zEnZuzQywUD7h/b1xRjoEeLAe24UPdF0qMypChdF0EGXhosaapmxhXe31F/qqa2uH +LUpECwJb417y9aVxDxtq4tnWh3kjpFMrLkX8NA2qMkBO9csI0lRVkDu+Ofs0V7yc3MjART2k +azYI7VkpVbqRc4QHnzfD3MLR2sgycEc5HQzJZYhe84AYATz8bqwptJlDi2pfEx11rHpVeGGN +/I2hjitsARsNUIopYyNdXpbwCk4xv2U+uZzGpgzpt/siU4t1oKHc+P2gJ5xrazRan3gEd6QF +XrWHq1+sdV4pUFM2R3UZt8z8NquRposHPn9ldNEpxNVkjbTZiY6D+f3yIUa43z6f4B2gWSuI +Gq2ayIVGSKaf+hxzFa9sFsMJ1VeGsYt9g3zxnWRFEJRup0/VasVCqkMan0YoXOJB5+R2Ie73 +WWfoLlv2KozPDL91D1sXhxschxHHnQ8ro3Nl80s+yCNINhBK3+UUZsE/THlU7KQvq2j8dy85 +frWvjPylNddJsXGRzBVTu629Gkhm3glVMPrfi5CEZkuRC4FOiQIcBBABAgAGBQJNsBsGAAoJ +EK184QA5M3MO9bMP/R4d3Xvhx65ayuLTehyoi0CAdaCU6wbxvO922rzSu57i0JY2Ef14ZXF2 +2RDrkAPgbw6S+wF8GRT4NKvfYaVx9oYunvD1OTa5EfEjG2KvJrKOsOKUCD7yQxKXGhP7K8sc +AiuZk4rCgfX9+O4RpqRdl1/EqCEBzUZaU79RN/KLqapddtF0H4tyLWpWSyrQs8PjGRJmeh3J +7RuD7ZYC4XRtvpx3IDqn6+RCQFhb/EpGX7EwxbKgapmpD+9W2vqLHbM655w6/hc68J4bnE80 +DnZKc659HuNvRGitzS7ShbI+8h5TUHcxsEsQCnfKkrkfdQo79878IKBmlJKC1WqUBZbbvdIT +fVToL9dtShHiNoy4jVuxUoizEAXEIjdi52MHhAY5I6wWyrDOV9Ftg9ZLwa6MbH31EKUbRMmP +75y0ID4RQCINqP7HMu5vlHRBKAKC1Tf3DqRZJIU61v4A3WR6IMGNXaoVFbQwB6YXsOkJPiN1 +vgrqo42Z+rNRFFkCj341RJO2KNpjeUdeKVSyDmEb22wiRLEgXnmk902uOJN1HFcj7/JjlXGR +R24Zu0C97B+HNdlmWVnxJx/aNx2zkGnjdAjMLy1bosMJSPyAJVWnKU3TmrsB4raPeawbk8OS +mwzRCiIl9VDlBjaDK4E4+0I05/BNMWvsEMOeGeJdKU/OhWYPnoBWuQINBEXDdgAQCAC6qjQX +EfVe106L+pbq/61Z2pgcuP9/RWiqPVxulL5w4M1NpfX9d/gme/q+biU4bmAiSoPV7lQKkbmk +Mm8ySuljSVhGvlEagLb20dlhd8QFUSR2G5TtlNJBFqiK0rlNLCM6Ploq8VIcSMysJZwZJRqM +QJCREfBlvccrbCqoFasmOOM+2P7lxCD6wqntmnrFTeJmUyhV91iL/MZ6e6YKnlIybwJlnmBy +w1mGMi2RPDDkr/83orPjWgxjIeWCHTb0kPQsc+Appw/cp4QQPNIMTH9JIQXjMP8R8sMd6GBr ++fRmKw2bF3G578EjYubuqoY0O1X6prXukgnp899p9tIAphq3AAQLB/9K4yRk3fpQOyg6fTqo +itiLkkGyzew5+F4kSepQgQ7QkKnJv5+qKx2qhMkzQbmAWkK+5k4AKnPNW/RaOGUwjI+X/tS4 +/gpgjosaoABGo3GwdPsU3FPRS/pBHx8Y9CpV0UsUF3roQEv0+c63dENjC0mUP1ww1Q2nNYRe +MndEKTSVkXZ6WOk+W7Q6vnc66KiaaeGZyaPFHmC8x/ikupRGERnZTTKVGJOJMiTRjIgBKwOc +B/QEKUVfPiLipIPqMmWgqitELsy7zvGLUMbgwv4VgL/Z3ncjw6ocFGG01S38Zty2GwcPEWrm +JWk3HAMBfW+vrk9a/3ym9MycmaMgOF+DAkx0iEkEGBECAAkFAkXDdgACGwwACgkQHsardTLn +vCWU5wCgqQcHeUMVaVQ1xIt1EJDF+wILLvMAn0YtJTYbQdH6FBUyLY42isSL8TJM +=+iK5 +-----END PGP PUBLIC KEY BLOCK----- --- sssd-1.13.4.orig/debian/watch +++ sssd-1.13.4/debian/watch @@ -0,0 +1,4 @@ +#git=git://git.fedorahosted.org/sssd.git +version=3 +opts="uversionmangle=s/alpha/~alpha/;s/beta/~beta/,pgpsigurlmangle=s/$/.asc/" \ +https://fedorahosted.org/released/sssd/sssd-(.*)\.tar\.gz --- sssd-1.13.4.orig/po/ca.po +++ sssd-1.13.4/po/ca.po @@ -0,0 +1,2138 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Red Hat, Inc. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +# muzzol , 2012 +# muzzol , 2012 +# muzzol , 2012 +# sgallagh , 2011 +# sgallagh , 2011 +# Robert Antoni Buj Gelonch , 2015. #zanata +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +"POT-Creation-Date: 2015-06-22 11:41+0200\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2015-10-18 03:21-0400\n" +"Last-Translator: jhrozek \n" +"Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/ca/" +")\n" +"Language: ca\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Zanata 3.8.3\n" + +#: src/config/SSSDConfig/__init__.py.in:43 +msgid "Set the verbosity of the debug logging" +msgstr "Estableix la verbositat del registre de depuració" + +#: src/config/SSSDConfig/__init__.py.in:44 +msgid "Include timestamps in debug logs" +msgstr "Inclou les marques temporals als registres de depuració" + +#: src/config/SSSDConfig/__init__.py.in:45 +msgid "Include microseconds in timestamps in debug logs" +msgstr "" +"Inclou els mil·lisegons a les marques temporals als registres de depuració" + +#: src/config/SSSDConfig/__init__.py.in:46 +msgid "Write debug messages to logfiles" +msgstr "Escriu els missatges de depuració als fitxers dels registres" + +#: src/config/SSSDConfig/__init__.py.in:47 +msgid "Ping timeout before restarting service" +msgstr "El temps d'expiració del ping abans de reiniciar el servei" + +#: src/config/SSSDConfig/__init__.py.in:48 +msgid "" +"Timeout between three failed ping checks and forcibly killing the service" +msgstr "" +"El temps d'expiració entre les tres comprovacions fallides del ping i matar " +"forçadament el servei" + +#: src/config/SSSDConfig/__init__.py.in:49 +msgid "Command to start service" +msgstr "L'ordre per iniciar el servei" + +#: src/config/SSSDConfig/__init__.py.in:50 +msgid "Number of times to attempt connection to Data Providers" +msgstr "El nombre de vegades per intentar la connexió als proveïdors de dades" + +#: src/config/SSSDConfig/__init__.py.in:51 +msgid "The number of file descriptors that may be opened by this responder" +msgstr "" +"El nombre de descriptors de fitxers que poden estar oberts per aquest " +"contestador" + +#: src/config/SSSDConfig/__init__.py.in:52 +msgid "Idle time before automatic disconnection of a client" +msgstr "El temps d'inactivitat abans de la desconnexió automàtica d'un client" + +#: src/config/SSSDConfig/__init__.py.in:55 +msgid "SSSD Services to start" +msgstr "Els serveis del SSSD a iniciar" + +#: src/config/SSSDConfig/__init__.py.in:56 +msgid "SSSD Domains to start" +msgstr "Els dominis del SSSD a iniciar" + +#: src/config/SSSDConfig/__init__.py.in:57 +msgid "Timeout for messages sent over the SBUS" +msgstr "El temps d'expiració per als missatges enviats a través del SBUS" + +#: src/config/SSSDConfig/__init__.py.in:58 +msgid "Regex to parse username and domain" +msgstr "L'expressió regular per analitzar el nom d'usuari i el domini" + +#: src/config/SSSDConfig/__init__.py.in:59 +msgid "Printf-compatible format for displaying fully-qualified names" +msgstr "Format compatible amb printf per mostrar els FQN" + +#: src/config/SSSDConfig/__init__.py.in:60 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" +"El directori del sistema de fitxers on el SSSD ha d'emmagatzemar els fitxers " +"de la memòria cau de repetició de Kerberos." + +#: src/config/SSSDConfig/__init__.py.in:61 +msgid "Domain to add to names without a domain component." +msgstr "El domini per afegir als noms sense un component de domini." + +#: src/config/SSSDConfig/__init__.py.in:62 +msgid "The user to drop privileges to" +msgstr "L'usuari a qui se li disminueixen els permisos" + +#: src/config/SSSDConfig/__init__.py.in:65 +msgid "Enumeration cache timeout length (seconds)" +msgstr "" +"Període de temps per a l'expiració de la memòria cau de les enumeracions (en " +"segons)" + +#: src/config/SSSDConfig/__init__.py.in:66 +msgid "Entry cache background update timeout length (seconds)" +msgstr "" +"Període de temps per a l'expiració de l'actualització en rerefons de les " +"entrades de la memòria cau (en segons)" + +#: src/config/SSSDConfig/__init__.py.in:67 +#: src/config/SSSDConfig/__init__.py.in:97 +msgid "Negative cache timeout length (seconds)" +msgstr "" +"Període de temps per a l'expiració de la memòria cau negativa (en segons)" + +#: src/config/SSSDConfig/__init__.py.in:68 +msgid "Users that SSSD should explicitly ignore" +msgstr "Els usuaris que l'SSSD hauria d'ignorar explícitament" + +#: src/config/SSSDConfig/__init__.py.in:69 +msgid "Groups that SSSD should explicitly ignore" +msgstr "Els grups que l'SSSD hauria d'ignorar explícitament" + +#: src/config/SSSDConfig/__init__.py.in:70 +msgid "Should filtered users appear in groups" +msgstr "Si els usuaris filtrats han d'aparèixer als grups" + +#: src/config/SSSDConfig/__init__.py.in:71 +msgid "The value of the password field the NSS provider should return" +msgstr "" +"El valor del camp de la contrasenya que ha de retornar el proveïdor NSS" + +#: src/config/SSSDConfig/__init__.py.in:72 +msgid "Override homedir value from the identity provider with this value" +msgstr "" +"Substitueix el valor de homedir del proveïdor d'identitat amb aquest valor" + +#: src/config/SSSDConfig/__init__.py.in:73 +msgid "" +"Substitute empty homedir value from the identity provider with this value" +msgstr "" +"Substitueix el valor buit de homedir del proveïdor d'identitat amb aquest " +"valor" + +#: src/config/SSSDConfig/__init__.py.in:74 +msgid "Override shell value from the identity provider with this value" +msgstr "" +"Substitueix el valor del shell del proveïdor d'identitat amb aquest valor" + +#: src/config/SSSDConfig/__init__.py.in:75 +msgid "The list of shells users are allowed to log in with" +msgstr "" +"La llista dels shells que els usuaris poden utilitzar per iniciar la sessió" + +#: src/config/SSSDConfig/__init__.py.in:76 +msgid "" +"The list of shells that will be vetoed, and replaced with the fallback shell" +msgstr "" +"La llista dels shells que es vetaran i se substituiran amb el shell " +"alternatiu" + +#: src/config/SSSDConfig/__init__.py.in:77 +msgid "" +"If a shell stored in central directory is allowed but not available, use " +"this fallback" +msgstr "" +"Si un shell emmagatzemat al directori central està permès però no es troba " +"disponible, utilitza aquesta alternativa" + +#: src/config/SSSDConfig/__init__.py.in:78 +msgid "Shell to use if the provider does not list one" +msgstr "El shell a utilitzar si el proveïdor no en llista cap" + +#: src/config/SSSDConfig/__init__.py.in:79 +msgid "How long will be in-memory cache records valid" +msgstr "Quant de temps seran vàlids els registres a la memòria cau" + +#: src/config/SSSDConfig/__init__.py.in:80 +msgid "All spaces in group or user names will be replaced with this character" +msgstr "" +"Tots els espais, als noms dels grups o dels usuaris, se substituiran amb " +"aquest caràcter" + +#: src/config/SSSDConfig/__init__.py.in:83 +msgid "How long to allow cached logins between online logins (days)" +msgstr "" +"Quant de temps s'ha de permetre entre els inicis de sessions en memòria cau " +"i els inicis de sessions en línia (en dies)" + +#: src/config/SSSDConfig/__init__.py.in:84 +msgid "How many failed logins attempts are allowed when offline" +msgstr "" +"Quants intents fallits d'inicis de sessió es permeten quan s'està " +"desconnectat" + +#: src/config/SSSDConfig/__init__.py.in:85 +msgid "" +"How long (minutes) to deny login after offline_failed_login_attempts has " +"been reached" +msgstr "" +"Quant de temps (en minuts) s'ha de denegar l'inici de sessió després d'haver " +"assolit offline_failed_login_attempts" + +#: src/config/SSSDConfig/__init__.py.in:86 +msgid "What kind of messages are displayed to the user during authentication" +msgstr "Quins tipus de missatges es mostren a l'usuari durant l'autenticació" + +#: src/config/SSSDConfig/__init__.py.in:87 +msgid "How many seconds to keep identity information cached for PAM requests" +msgstr "" +"Quants segons s'ha de mantenir la informació en la memòria cau per a les " +"peticions PAM" + +#: src/config/SSSDConfig/__init__.py.in:88 +msgid "How many days before password expiration a warning should be displayed" +msgstr "" +"Quants dies abans del venciment de la contrasenya s'hauria de mostrar una " +"advertència" + +#: src/config/SSSDConfig/__init__.py.in:89 +msgid "List of trusted uids or user's name" +msgstr "La llista dels uid o dels noms d'usuari de confiança" + +#: src/config/SSSDConfig/__init__.py.in:90 +msgid "List of domains accessible even for untrusted users." +msgstr "" +"La llista dels dominis accessibles fins i tot per als usuaris que no són de " +"confiança." + +#: src/config/SSSDConfig/__init__.py.in:91 +msgid "Message printed when user account is expired." +msgstr "El missatge que es mostra quan venç el compte de l'usuari." + +#: src/config/SSSDConfig/__init__.py.in:94 +msgid "Whether to evaluate the time-based attributes in sudo rules" +msgstr "Si s'avaluen els atributs basats en temps a les regles sudo" + +#: src/config/SSSDConfig/__init__.py.in:100 +msgid "Whether to hash host names and addresses in the known_hosts file" +msgstr "" +"Si s'esbocinen els noms i les adreces dels amfitrions al fitxer known_hosts" + +#: src/config/SSSDConfig/__init__.py.in:101 +msgid "" +"How many seconds to keep a host in the known_hosts file after its host keys " +"were requested" +msgstr "" +"Quants segons s'ha de mantenir un amfitrió al fitxer known_hosts després que " +"s'hagi sol·licitat la seva clau" + +#: src/config/SSSDConfig/__init__.py.in:104 +msgid "List of UIDs or user names allowed to access the PAC responder" +msgstr "" +"La llista dels UID o dels noms d'usuari que poden accedir al contestador del " +"PAC" + +#: src/config/SSSDConfig/__init__.py.in:107 +msgid "List of UIDs or user names allowed to access the InfoPipe responder" +msgstr "" +"La llista dels UID o dels noms d'usuari que poden accedir al contestador de " +"l'InfoPipe" + +#: src/config/SSSDConfig/__init__.py.in:108 +msgid "List of user attributes the InfoPipe is allowed to publish" +msgstr "La llista dels atributs de l'usuari que l'InfoPipe pot publicar" + +#: src/config/SSSDConfig/__init__.py.in:111 +msgid "Identity provider" +msgstr "Proveïdor d'identitat" + +#: src/config/SSSDConfig/__init__.py.in:112 +msgid "Authentication provider" +msgstr "Proveïdor d'autenticació" + +#: src/config/SSSDConfig/__init__.py.in:113 +msgid "Access control provider" +msgstr "Proveïdor de control d'accés" + +#: src/config/SSSDConfig/__init__.py.in:114 +msgid "Password change provider" +msgstr "Proveïdor de canvi de contrasenya" + +#: src/config/SSSDConfig/__init__.py.in:115 +msgid "SUDO provider" +msgstr "Proveïdor de SUDO" + +#: src/config/SSSDConfig/__init__.py.in:116 +msgid "Autofs provider" +msgstr "Proveïdor d'Autofs" + +#: src/config/SSSDConfig/__init__.py.in:117 +msgid "Session-loading provider" +msgstr "Proveïdor de càrrega de sessió" + +#: src/config/SSSDConfig/__init__.py.in:118 +msgid "Host identity provider" +msgstr "Proveïdor d'identitat d'amfitrions" + +#: src/config/SSSDConfig/__init__.py.in:121 +msgid "Minimum user ID" +msgstr "Id. mínim d'usuari" + +#: src/config/SSSDConfig/__init__.py.in:122 +msgid "Maximum user ID" +msgstr "Id. màxim d'usuari" + +#: src/config/SSSDConfig/__init__.py.in:123 +msgid "Enable enumerating all users/groups" +msgstr "Habilita l'enumeració de tots els usuaris/grups" + +#: src/config/SSSDConfig/__init__.py.in:124 +msgid "Cache credentials for offline login" +msgstr "Credencials en memòria cau per als inicis de sessions sense connexió" + +#: src/config/SSSDConfig/__init__.py.in:125 +msgid "Store password hashes" +msgstr "Emmagatzema els codis hash de les contrasenyes" + +#: src/config/SSSDConfig/__init__.py.in:126 +msgid "Display users/groups in fully-qualified form" +msgstr "Mostra els usuaris/grups en format plenament qualificat" + +#: src/config/SSSDConfig/__init__.py.in:127 +msgid "Don't include group members in group lookups" +msgstr "No incloure als membres dels grups en la recerca del grup" + +#: src/config/SSSDConfig/__init__.py.in:128 +#: src/config/SSSDConfig/__init__.py.in:135 +#: src/config/SSSDConfig/__init__.py.in:136 +#: src/config/SSSDConfig/__init__.py.in:137 +#: src/config/SSSDConfig/__init__.py.in:138 +#: src/config/SSSDConfig/__init__.py.in:139 +#: src/config/SSSDConfig/__init__.py.in:140 +msgid "Entry cache timeout length (seconds)" +msgstr "" +"Període de temps per a l'expiració de les entrades de la memòria cau (en " +"segons)" + +#: src/config/SSSDConfig/__init__.py.in:129 +msgid "" +"Restrict or prefer a specific address family when performing DNS lookups" +msgstr "" +"Restringeix o prefereix una família específica d'adreces quan es realitzi la " +"recerca del DNS" + +#: src/config/SSSDConfig/__init__.py.in:130 +msgid "How long to keep cached entries after last successful login (days)" +msgstr "" +"Quant de temps s'han de mantenir les entrades en la memòria cau després de " +"l'últim inici de sessió reeixit (en dies)" + +#: src/config/SSSDConfig/__init__.py.in:131 +msgid "How long to wait for replies from DNS when resolving servers (seconds)" +msgstr "" +"Temps d'expiració per a les respostes del DNS en la resolució dels servidors " +"(en segons)" + +#: src/config/SSSDConfig/__init__.py.in:132 +msgid "The domain part of service discovery DNS query" +msgstr "La part del domini de la consulta DNS del descobriment del servei" + +#: src/config/SSSDConfig/__init__.py.in:133 +msgid "Override GID value from the identity provider with this value" +msgstr "" +"Substitueix el valor del GID del proveïdor d'identitat amb aquest valor" + +#: src/config/SSSDConfig/__init__.py.in:134 +msgid "Treat usernames as case sensitive" +msgstr "Distingeix entre majúscules i minúscules als noms d'usuari" + +#: src/config/SSSDConfig/__init__.py.in:141 +msgid "How often should expired entries be refreshed in background" +msgstr "Amb quina freqüència les entrades vençudes s'actualitzen al rerefons" + +#: src/config/SSSDConfig/__init__.py.in:142 +msgid "Whether to automatically update the client's DNS entry" +msgstr "Si s'actualitza automàticament l'entrada DNS del client" + +#: src/config/SSSDConfig/__init__.py.in:143 +#: src/config/SSSDConfig/__init__.py.in:159 +msgid "The TTL to apply to the client's DNS entry after updating it" +msgstr "" +"El TTL per aplicar a l'entrada DNS del client després d'actualitzar-ho" + +#: src/config/SSSDConfig/__init__.py.in:144 +#: src/config/SSSDConfig/__init__.py.in:160 +msgid "The interface whose IP should be used for dynamic DNS updates" +msgstr "" +"La interfície amb la IP que s'hauria d'utilitzar per a les actualitzacions " +"dinàmiques DNS" + +#: src/config/SSSDConfig/__init__.py.in:145 +msgid "How often to periodically update the client's DNS entry" +msgstr "Cada quant s'actualitzarà automàticament l'entrada DNS del client" + +#: src/config/SSSDConfig/__init__.py.in:146 +msgid "Whether the provider should explicitly update the PTR record as well" +msgstr "Si el proveïdor ha d'actualitzar explícitament així el registre PTR" + +#: src/config/SSSDConfig/__init__.py.in:147 +msgid "Whether the nsupdate utility should default to using TCP" +msgstr "Si la utilitat nsupdate per defecte ha d'utilitzar TCP" + +#: src/config/SSSDConfig/__init__.py.in:148 +msgid "What kind of authentication should be used to perform the DNS update" +msgstr "" +"Quin tipus d'autenticació s'ha d'utilitzar per realitzar l'actualització del " +"DNS" + +#: src/config/SSSDConfig/__init__.py.in:149 +msgid "Control enumeration of trusted domains" +msgstr "Control de l'enumeració dels amfitrions de confiança" + +#: src/config/SSSDConfig/__init__.py.in:150 +msgid "How often should subdomains list be refreshed" +msgstr "Amb quina freqüència s'ha de refrescar la llista dels subdominis" + +#: src/config/SSSDConfig/__init__.py.in:151 +msgid "List of options that should be inherited into a subdomain" +msgstr "Llista de les opcions que han de ser inherents a un subdomini" + +#: src/config/SSSDConfig/__init__.py.in:154 +msgid "IPA domain" +msgstr "Domini IPA" + +#: src/config/SSSDConfig/__init__.py.in:155 +msgid "IPA server address" +msgstr "Adreça del servidor IPA" + +#: src/config/SSSDConfig/__init__.py.in:156 +msgid "Address of backup IPA server" +msgstr "Adreça del servidor IPA de reserva " + +#: src/config/SSSDConfig/__init__.py.in:157 +msgid "IPA client hostname" +msgstr "Nom d'amfitrió del client IPA" + +#: src/config/SSSDConfig/__init__.py.in:158 +msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgstr "Si s'actualitza automàticament l'entrada DNS del client a FreeIPA" + +#: src/config/SSSDConfig/__init__.py.in:161 +msgid "Search base for HBAC related objects" +msgstr "Base de cerca per als objectes relacionats amb HBAC" + +#: src/config/SSSDConfig/__init__.py.in:162 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server" +msgstr "" +"Quantitat de temps entre recerques de les regles HBAC contra el servidor IPA" + +#: src/config/SSSDConfig/__init__.py.in:163 +msgid "" +"The amount of time in seconds between lookups of the SELinux maps against " +"the IPA server" +msgstr "" +"Quantitat de temps en segons entre recerques de les assignacions SELinux " +"contra el servidor IPA" + +#: src/config/SSSDConfig/__init__.py.in:164 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" +"Si s'estableix a fals, s'ignorarà l'argument de l'amfitrió proporcionat amb " +"PAM" + +#: src/config/SSSDConfig/__init__.py.in:165 +msgid "The automounter location this IPA client is using" +msgstr "" +"La ubicació de l'eina de muntatge automàtic que aquest client IPA està " +"utilitzant" + +#: src/config/SSSDConfig/__init__.py.in:166 +msgid "Search base for object containing info about IPA domain" +msgstr "" +"Base de cerca per a l'objecte que conté la informació sobre el domini de " +"l'IPA" + +#: src/config/SSSDConfig/__init__.py.in:167 +msgid "Search base for objects containing info about ID ranges" +msgstr "" +"Base de cerca per als objectes que contenen informació sobre els intervals " +"d'id." + +#: src/config/SSSDConfig/__init__.py.in:168 +#: src/config/SSSDConfig/__init__.py.in:182 +msgid "Enable DNS sites - location based service discovery" +msgstr "" +"Habilita els llocs DNS - el descobriment del servei es basa en la ubicació" + +#: src/config/SSSDConfig/__init__.py.in:169 +msgid "Search base for view containers" +msgstr "Base de cerca per als contenidors de la vista" + +#: src/config/SSSDConfig/__init__.py.in:170 +msgid "Objectclass for view containers" +msgstr "Objectclass per als contenidors de la vista" + +#: src/config/SSSDConfig/__init__.py.in:171 +msgid "Attribute with the name of the view" +msgstr "L'atribut amb el nom de la vista" + +#: src/config/SSSDConfig/__init__.py.in:172 +msgid "Objectclass for override objects" +msgstr "Objectclass per substituir els objectes" + +#: src/config/SSSDConfig/__init__.py.in:173 +msgid "Attribute with the reference to the original object" +msgstr "L'atribut amb la referència a l'objecte original" + +#: src/config/SSSDConfig/__init__.py.in:174 +msgid "Objectclass for user override objects" +msgstr "Objectclass per als objectes de substitució d'usuari" + +#: src/config/SSSDConfig/__init__.py.in:175 +msgid "Objectclass for group override objects" +msgstr "Objectclass per als objectes de substitució de grup" + +#: src/config/SSSDConfig/__init__.py.in:178 +msgid "Active Directory domain" +msgstr "Domini Active Directory" + +#: src/config/SSSDConfig/__init__.py.in:179 +msgid "Active Directory server address" +msgstr "Adreça del servidor de l'Active Directory" + +#: src/config/SSSDConfig/__init__.py.in:180 +msgid "Active Directory backup server address" +msgstr "Adreça del servidor de l'Active Directory de reserva" + +#: src/config/SSSDConfig/__init__.py.in:181 +msgid "Active Directory client hostname" +msgstr "Nom d'amfitrió del client d'Active Directory" + +#: src/config/SSSDConfig/__init__.py.in:183 +#: src/config/SSSDConfig/__init__.py.in:362 +msgid "LDAP filter to determine access privileges" +msgstr "Filtre LDAP per determinar els privilegis d'accés" + +#: src/config/SSSDConfig/__init__.py.in:184 +msgid "Whether to use the Global Catalog for lookups" +msgstr "Si s'utilitza el catàleg global per a les recerques" + +#: src/config/SSSDConfig/__init__.py.in:185 +msgid "Operation mode for GPO-based access control" +msgstr "Mode d'operació per al control d'accés basat en GPO" + +#: src/config/SSSDConfig/__init__.py.in:186 +msgid "" +"The amount of time between lookups of the GPO policy files against the AD " +"server" +msgstr "" +"Quantitat de temps entre recerques de fitxers de polítiques GPO contra el " +"servidor d'AD" + +#: src/config/SSSDConfig/__init__.py.in:187 +msgid "" +"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " +"settings" +msgstr "" +"Noms dels serveis del PAM que s'assignen als ajusts de les polítiques " +"(Deny)InteractiveLogonRight del GPO" + +#: src/config/SSSDConfig/__init__.py.in:188 +msgid "" +"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " +"policy settings" +msgstr "" +"Noms dels serveis del PAM que s'assignen als ajusts de les polítiques " +"(Deny)RemoteInteractiveLogonRight del GPO" + +#: src/config/SSSDConfig/__init__.py.in:189 +msgid "" +"PAM service names that map to the GPO (Deny)NetworkLogonRight policy " +"settings" +msgstr "" +"Noms dels serveis del PAM que s'assignen als ajusts de les polítiques " +"(Deny)NetworkLogonRight del GPO" + +#: src/config/SSSDConfig/__init__.py.in:190 +msgid "" +"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" +msgstr "" +"Noms dels serveis del PAM que s'assignen als ajusts de les polítiques " +"(Deny)BatchLogonRight del GPO" + +#: src/config/SSSDConfig/__init__.py.in:191 +msgid "" +"PAM service names that map to the GPO (Deny)ServiceLogonRight policy " +"settings" +msgstr "" +"Noms dels serveis del PAM que s'assignen als ajusts de les polítiques " +"(Deny)ServiceLogonRight del GPO" + +#: src/config/SSSDConfig/__init__.py.in:192 +msgid "PAM service names for which GPO-based access is always granted" +msgstr "" +"Noms dels serveis del PAM als quals sempre se'ls garanteix l'accés basat en " +"GPO" + +#: src/config/SSSDConfig/__init__.py.in:193 +msgid "PAM service names for which GPO-based access is always denied" +msgstr "" +"Noms dels serveis del PAM als quals sempre se'ls denega l'accés basat en GPO" + +#: src/config/SSSDConfig/__init__.py.in:194 +msgid "" +"Default logon right (or permit/deny) to use for unmapped PAM service names" +msgstr "" +"Dret (permet o denega) predeterminat de l'inici de sessió a utilitzar per " +"als noms dels serveis del PAM sense assignar" + +#: src/config/SSSDConfig/__init__.py.in:195 +msgid "a particular site to be used by the client" +msgstr "un lloc determinat per utilitzar amb el client" + +#: src/config/SSSDConfig/__init__.py.in:198 +#: src/config/SSSDConfig/__init__.py.in:199 +msgid "Kerberos server address" +msgstr "Adreça del servidor Kerberos" + +#: src/config/SSSDConfig/__init__.py.in:200 +msgid "Kerberos backup server address" +msgstr "Adreça del servidor Kerberos de reserva" + +#: src/config/SSSDConfig/__init__.py.in:201 +msgid "Kerberos realm" +msgstr "Reialme Kerberos" + +#: src/config/SSSDConfig/__init__.py.in:202 +msgid "Authentication timeout" +msgstr "Temps d'expiració de l'autenticació" + +#: src/config/SSSDConfig/__init__.py.in:203 +msgid "Whether to create kdcinfo files" +msgstr "Si es creen els fitxers kdcinfo" + +#: src/config/SSSDConfig/__init__.py.in:204 +msgid "Where to drop krb5 config snippets" +msgstr "Si es rebutgen les parts de la configuració del krb5" + +#: src/config/SSSDConfig/__init__.py.in:207 +msgid "Directory to store credential caches" +msgstr "Directori per emmagatzemar la memòria cau de les credencials" + +#: src/config/SSSDConfig/__init__.py.in:208 +msgid "Location of the user's credential cache" +msgstr "Ubicació de la memòria cau de les credencials de l'usuari" + +#: src/config/SSSDConfig/__init__.py.in:209 +msgid "Location of the keytab to validate credentials" +msgstr "Ubicació de la clau per validar les credencials" + +#: src/config/SSSDConfig/__init__.py.in:210 +msgid "Enable credential validation" +msgstr "Habilita la validació de credencials" + +#: src/config/SSSDConfig/__init__.py.in:211 +msgid "Store password if offline for later online authentication" +msgstr "" +"Emmagatzema la contrasenya si s'està desconnectat per a l'autenticació " +"posterior amb connexió" + +#: src/config/SSSDConfig/__init__.py.in:212 +msgid "Renewable lifetime of the TGT" +msgstr "Temps de vida renovable del TGT" + +#: src/config/SSSDConfig/__init__.py.in:213 +msgid "Lifetime of the TGT" +msgstr "Temps de vida del TGT" + +#: src/config/SSSDConfig/__init__.py.in:214 +msgid "Time between two checks for renewal" +msgstr "Temps entre les dues comprovacions per a la renovació" + +#: src/config/SSSDConfig/__init__.py.in:215 +msgid "Enables FAST" +msgstr "Habilita FAST" + +#: src/config/SSSDConfig/__init__.py.in:216 +msgid "Selects the principal to use for FAST" +msgstr "Selecciona el principal per utilitzar amb FAST" + +#: src/config/SSSDConfig/__init__.py.in:217 +msgid "Enables principal canonicalization" +msgstr "Habilita la canonització del principal" + +#: src/config/SSSDConfig/__init__.py.in:218 +msgid "Enables enterprise principals" +msgstr "Habilita els principals empresarials" + +#: src/config/SSSDConfig/__init__.py.in:219 +msgid "A mapping from user names to kerberos principal names" +msgstr "" +"Una assignació des dels noms dels usuaris als noms del principal de kerberos" + +#: src/config/SSSDConfig/__init__.py.in:222 +#: src/config/SSSDConfig/__init__.py.in:223 +msgid "Server where the change password service is running if not on the KDC" +msgstr "" +"Servidor on es troba el servei de canvi de contrasenya si no està al KDC" + +#: src/config/SSSDConfig/__init__.py.in:226 +msgid "ldap_uri, The URI of the LDAP server" +msgstr "ldap_uri, La URI del servidor LDAP" + +#: src/config/SSSDConfig/__init__.py.in:227 +msgid "ldap_backup_uri, The URI of the LDAP server" +msgstr "ldap_backup_uri, la URI del servidor LDAP" + +#: src/config/SSSDConfig/__init__.py.in:228 +msgid "The default base DN" +msgstr "El DN base per defecte" + +#: src/config/SSSDConfig/__init__.py.in:229 +msgid "The Schema Type in use on the LDAP server, rfc2307" +msgstr "El tipus d'esquema en ús al servidor LDAP, rfc2307" + +#: src/config/SSSDConfig/__init__.py.in:230 +msgid "The default bind DN" +msgstr "El DN de creació del vincle per defecte" + +#: src/config/SSSDConfig/__init__.py.in:231 +msgid "The type of the authentication token of the default bind DN" +msgstr "" +"El tipus del testimoni d'autenticació del DN de creació del vincle per " +"defecte" + +#: src/config/SSSDConfig/__init__.py.in:232 +msgid "The authentication token of the default bind DN" +msgstr "El testimoni d'autenticació del DN de creació del vincle per defecte" + +#: src/config/SSSDConfig/__init__.py.in:233 +msgid "Length of time to attempt connection" +msgstr "Període de temps per intentar una connexió" + +#: src/config/SSSDConfig/__init__.py.in:234 +msgid "Length of time to attempt synchronous LDAP operations" +msgstr "Període de temps per intentar operacions LDAP asíncrones" + +#: src/config/SSSDConfig/__init__.py.in:235 +msgid "Length of time between attempts to reconnect while offline" +msgstr "" +"Període de temps entre els intents per tornar a connectar mentre s'està " +"desconnectat" + +#: src/config/SSSDConfig/__init__.py.in:236 +msgid "Use only the upper case for realm names" +msgstr "Utilitza només majúscules pels noms de reialme" + +#: src/config/SSSDConfig/__init__.py.in:237 +msgid "File that contains CA certificates" +msgstr "Fitxer que conté els certificats de l'AC" + +#: src/config/SSSDConfig/__init__.py.in:238 +msgid "Path to CA certificate directory" +msgstr "Camí al directori del certificat de l'AC" + +#: src/config/SSSDConfig/__init__.py.in:239 +msgid "File that contains the client certificate" +msgstr "Fitxer que conté el certificat de client" + +#: src/config/SSSDConfig/__init__.py.in:240 +msgid "File that contains the client key" +msgstr "Fitxer que conté la clau de client" + +#: src/config/SSSDConfig/__init__.py.in:241 +msgid "List of possible ciphers suites" +msgstr "Llista de paquets de xifrat possibles" + +#: src/config/SSSDConfig/__init__.py.in:242 +msgid "Require TLS certificate verification" +msgstr "Requereix verificació de certificat TLS" + +#: src/config/SSSDConfig/__init__.py.in:243 +msgid "Specify the sasl mechanism to use" +msgstr "Especifica el mecanisme SASL a utilitzar" + +#: src/config/SSSDConfig/__init__.py.in:244 +msgid "Specify the sasl authorization id to use" +msgstr "Especifica l'id. d'autorització SASL a utilitzar" + +#: src/config/SSSDConfig/__init__.py.in:245 +msgid "Specify the sasl authorization realm to use" +msgstr "Especifica el reialme d'autorització SASL a utilitzar" + +#: src/config/SSSDConfig/__init__.py.in:246 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "Especifica el SSF mínim per a l'autorització SASL de LDAP" + +#: src/config/SSSDConfig/__init__.py.in:247 +msgid "Kerberos service keytab" +msgstr "Taula de claus del servei del Kerberos" + +#: src/config/SSSDConfig/__init__.py.in:248 +msgid "Use Kerberos auth for LDAP connection" +msgstr "Utilitza l'autenticació Kerberos per a la connexió LDAP" + +#: src/config/SSSDConfig/__init__.py.in:249 +msgid "Follow LDAP referrals" +msgstr "Segueix les referències LDAP" + +#: src/config/SSSDConfig/__init__.py.in:250 +msgid "Lifetime of TGT for LDAP connection" +msgstr "Temps de vida del TGT per la connexió LDAP" + +#: src/config/SSSDConfig/__init__.py.in:251 +msgid "How to dereference aliases" +msgstr "Com desreferenciar els àlies" + +#: src/config/SSSDConfig/__init__.py.in:252 +msgid "Service name for DNS service lookups" +msgstr "Nom del servei per a la recerca del servei del DNS" + +#: src/config/SSSDConfig/__init__.py.in:253 +msgid "The number of records to retrieve in a single LDAP query" +msgstr "El nombre de registres a recuperar en una sola consulta LDAP" + +#: src/config/SSSDConfig/__init__.py.in:254 +msgid "The number of members that must be missing to trigger a full deref" +msgstr "" +"El nombre de membres que han de faltar per activar una de-referència " +"completa" + +#: src/config/SSSDConfig/__init__.py.in:255 +msgid "" +"Whether the LDAP library should perform a reverse lookup to canonicalize the " +"host name during a SASL bind" +msgstr "" +"Si la biblioteca LDAP hauria de realitzar una recerca inversa per canonitzar " +"el nom d'amfitrió durant la creació del vincle SASL" + +#: src/config/SSSDConfig/__init__.py.in:257 +msgid "entryUSN attribute" +msgstr "L'atribut entryUSN" + +#: src/config/SSSDConfig/__init__.py.in:258 +msgid "lastUSN attribute" +msgstr "L'atribut lastUSN" + +#: src/config/SSSDConfig/__init__.py.in:260 +msgid "" +"How long to retain a connection to the LDAP server before disconnecting" +msgstr "" +"Quant de temps s'ha de retenir una connexió al servidor LDAP abans de " +"desconnectar" + +#: src/config/SSSDConfig/__init__.py.in:262 +msgid "Disable the LDAP paging control" +msgstr "Inhabilita el control de paginació LDAP" + +#: src/config/SSSDConfig/__init__.py.in:263 +msgid "Disable Active Directory range retrieval" +msgstr "Inhabilita la recuperació de l'interval de l'Active Directory" + +#: src/config/SSSDConfig/__init__.py.in:266 +msgid "Length of time to wait for a search request" +msgstr "Període de temps per esperar una petició de cerca" + +#: src/config/SSSDConfig/__init__.py.in:267 +msgid "Length of time to wait for a enumeration request" +msgstr "Període de temps per esperar una petició d'enumeració" + +#: src/config/SSSDConfig/__init__.py.in:268 +msgid "Length of time between enumeration updates" +msgstr "Període de temps entre les actualitzacions de les enumeracions" + +#: src/config/SSSDConfig/__init__.py.in:269 +msgid "Length of time between cache cleanups" +msgstr "Període de temps entre les neteges de la memòria cau" + +#: src/config/SSSDConfig/__init__.py.in:270 +msgid "Require TLS for ID lookups" +msgstr "Requereix TLS per a la recerca d'id." + +#: src/config/SSSDConfig/__init__.py.in:271 +msgid "Use ID-mapping of objectSID instead of pre-set IDs" +msgstr "" +"Utilitza l'assignació dels id. de l'objectSID en lloc dels id. pre-" +"establerts" + +#: src/config/SSSDConfig/__init__.py.in:272 +msgid "Base DN for user lookups" +msgstr "DN base per a la recerca de l'usuari" + +#: src/config/SSSDConfig/__init__.py.in:273 +msgid "Scope of user lookups" +msgstr "Abast de la recerca de l'usuari" + +#: src/config/SSSDConfig/__init__.py.in:274 +msgid "Filter for user lookups" +msgstr "Filtre per a la recerca de l'usuari" + +#: src/config/SSSDConfig/__init__.py.in:275 +msgid "Objectclass for users" +msgstr "Objectclass per als usuaris" + +#: src/config/SSSDConfig/__init__.py.in:276 +msgid "Username attribute" +msgstr "L'atribut nom d'usuari" + +#: src/config/SSSDConfig/__init__.py.in:278 +msgid "UID attribute" +msgstr "L'atribut UID" + +#: src/config/SSSDConfig/__init__.py.in:279 +msgid "Primary GID attribute" +msgstr "L'atribut GID primari" + +#: src/config/SSSDConfig/__init__.py.in:280 +msgid "GECOS attribute" +msgstr "L'atribut GECOS" + +#: src/config/SSSDConfig/__init__.py.in:281 +msgid "Home directory attribute" +msgstr "L'atribut directori inicial" + +#: src/config/SSSDConfig/__init__.py.in:282 +msgid "Shell attribute" +msgstr "L'atribut shell" + +#: src/config/SSSDConfig/__init__.py.in:283 +msgid "UUID attribute" +msgstr "L'atribut UUID" + +#: src/config/SSSDConfig/__init__.py.in:284 +#: src/config/SSSDConfig/__init__.py.in:324 +msgid "objectSID attribute" +msgstr "L'atribut objectSID" + +#: src/config/SSSDConfig/__init__.py.in:285 +msgid "Active Directory primary group attribute for ID-mapping" +msgstr "L'atribut grup primari de l'Active Directory per a l'assignació d'id." + +#: src/config/SSSDConfig/__init__.py.in:286 +msgid "User principal attribute (for Kerberos)" +msgstr "L'atribut usuari principal (per a Kerberos)" + +#: src/config/SSSDConfig/__init__.py.in:287 +msgid "Full Name" +msgstr "Nom complet" + +#: src/config/SSSDConfig/__init__.py.in:288 +msgid "memberOf attribute" +msgstr "L'atribut memberOf" + +#: src/config/SSSDConfig/__init__.py.in:289 +msgid "Modification time attribute" +msgstr "L'atribut data de modificació" + +#: src/config/SSSDConfig/__init__.py.in:291 +msgid "shadowLastChange attribute" +msgstr "L'atribut shadowLastChange" + +#: src/config/SSSDConfig/__init__.py.in:292 +msgid "shadowMin attribute" +msgstr "L'atribut shadowMin" + +#: src/config/SSSDConfig/__init__.py.in:293 +msgid "shadowMax attribute" +msgstr "L'atribut shadowMax" + +#: src/config/SSSDConfig/__init__.py.in:294 +msgid "shadowWarning attribute" +msgstr "L'atribut shadowWarning" + +#: src/config/SSSDConfig/__init__.py.in:295 +msgid "shadowInactive attribute" +msgstr "L'atribut shadowInactive" + +#: src/config/SSSDConfig/__init__.py.in:296 +msgid "shadowExpire attribute" +msgstr "L'atribut shadowExpire" + +#: src/config/SSSDConfig/__init__.py.in:297 +msgid "shadowFlag attribute" +msgstr "L'atribut shadowFlag" + +#: src/config/SSSDConfig/__init__.py.in:298 +msgid "Attribute listing authorized PAM services" +msgstr "L'atribut que llista els serveis PAM autoritzats" + +#: src/config/SSSDConfig/__init__.py.in:299 +msgid "Attribute listing authorized server hosts" +msgstr "L'atribut que llista els amfitrions dels servidors autoritzats" + +#: src/config/SSSDConfig/__init__.py.in:300 +msgid "krbLastPwdChange attribute" +msgstr "L'atribut krbLastPwdChange" + +#: src/config/SSSDConfig/__init__.py.in:301 +msgid "krbPasswordExpiration attribute" +msgstr "L'atribut krbPasswordExpiration" + +#: src/config/SSSDConfig/__init__.py.in:302 +msgid "Attribute indicating that server side password policies are active" +msgstr "" +"L'atribut que indica l'activació de les polítiques de contrasenya de " +"servidor" + +#: src/config/SSSDConfig/__init__.py.in:303 +msgid "accountExpires attribute of AD" +msgstr "L'atribut accountExpires de l'AD" + +#: src/config/SSSDConfig/__init__.py.in:304 +msgid "userAccountControl attribute of AD" +msgstr "L'atribut userAccountControl de l'AD" + +#: src/config/SSSDConfig/__init__.py.in:305 +msgid "nsAccountLock attribute" +msgstr "L'atribut nsAccountLock" + +#: src/config/SSSDConfig/__init__.py.in:306 +msgid "loginDisabled attribute of NDS" +msgstr "L'atribut loginDisabled del NDS" + +#: src/config/SSSDConfig/__init__.py.in:307 +msgid "loginExpirationTime attribute of NDS" +msgstr "L'atribut loginExpirationTime del NDS" + +#: src/config/SSSDConfig/__init__.py.in:308 +msgid "loginAllowedTimeMap attribute of NDS" +msgstr "L'atribut loginAllowedTimeMap del NDS" + +#: src/config/SSSDConfig/__init__.py.in:309 +msgid "SSH public key attribute" +msgstr "L'atribut clau pública SSH" + +#: src/config/SSSDConfig/__init__.py.in:310 +msgid "attribute listing allowed authentication types for a user" +msgstr "atribut que llista els tipus permesos d'autenticació per a un usuari" + +#: src/config/SSSDConfig/__init__.py.in:311 +msgid "attribute containing the X509 certificate of the user" +msgstr "atribut que conté el certificat X509 de l'usuari" + +#: src/config/SSSDConfig/__init__.py.in:313 +msgid "A list of extra attributes to download along with the user entry" +msgstr "" +"Una llista dels atributs extres per baixar juntament amb l'entrada de " +"l'usuari" + +#: src/config/SSSDConfig/__init__.py.in:315 +msgid "Base DN for group lookups" +msgstr "DN base per a la recerca del grup" + +#: src/config/SSSDConfig/__init__.py.in:318 +msgid "Objectclass for groups" +msgstr "L'objectclass per als grups" + +#: src/config/SSSDConfig/__init__.py.in:319 +msgid "Group name" +msgstr "Nom del grup" + +#: src/config/SSSDConfig/__init__.py.in:320 +msgid "Group password" +msgstr "Contrasenya del grup" + +#: src/config/SSSDConfig/__init__.py.in:321 +msgid "GID attribute" +msgstr "L'atribut GID" + +#: src/config/SSSDConfig/__init__.py.in:322 +msgid "Group member attribute" +msgstr "L'atribut membre del grup" + +#: src/config/SSSDConfig/__init__.py.in:323 +msgid "Group UUID attribute" +msgstr "L'atribut UUID del grup" + +#: src/config/SSSDConfig/__init__.py.in:325 +msgid "Modification time attribute for groups" +msgstr "L'atribut data de modificació per als grups" + +#: src/config/SSSDConfig/__init__.py.in:326 +msgid "Type of the group and other flags" +msgstr "Tipus del grup i altres senyals" + +#: src/config/SSSDConfig/__init__.py.in:328 +msgid "Maximum nesting level SSSd will follow" +msgstr "Nivell màxim d'encadenament que seguirà l'SSSd" + +#: src/config/SSSDConfig/__init__.py.in:330 +msgid "Base DN for netgroup lookups" +msgstr "DN base per a la recerca del grup de xarxa" + +#: src/config/SSSDConfig/__init__.py.in:331 +msgid "Objectclass for netgroups" +msgstr "L'objectclass per als grups de xarxa" + +#: src/config/SSSDConfig/__init__.py.in:332 +msgid "Netgroup name" +msgstr "Nom de grup de xarxa" + +#: src/config/SSSDConfig/__init__.py.in:333 +msgid "Netgroups members attribute" +msgstr "L'atribut membres del grup de xarxa" + +#: src/config/SSSDConfig/__init__.py.in:334 +msgid "Netgroup triple attribute" +msgstr "L'atribut triple del grup de xarxa" + +#: src/config/SSSDConfig/__init__.py.in:335 +msgid "Modification time attribute for netgroups" +msgstr "L'atribut data de modificació per als grups de xarxa" + +#: src/config/SSSDConfig/__init__.py.in:337 +msgid "Base DN for service lookups" +msgstr "DN base per a la recerca del servei" + +#: src/config/SSSDConfig/__init__.py.in:338 +msgid "Objectclass for services" +msgstr "Objectclass per als serveis" + +#: src/config/SSSDConfig/__init__.py.in:339 +msgid "Service name attribute" +msgstr "L'atribut nom del servei" + +#: src/config/SSSDConfig/__init__.py.in:340 +msgid "Service port attribute" +msgstr "L'atribut port del servei" + +#: src/config/SSSDConfig/__init__.py.in:341 +msgid "Service protocol attribute" +msgstr "L'atribut protocol del servei" + +#: src/config/SSSDConfig/__init__.py.in:344 +msgid "Lower bound for ID-mapping" +msgstr "Límit inferior per a l'assignació d'id." + +#: src/config/SSSDConfig/__init__.py.in:345 +msgid "Upper bound for ID-mapping" +msgstr "Límit superior per a l'assignació d'id." + +#: src/config/SSSDConfig/__init__.py.in:346 +msgid "Number of IDs for each slice when ID-mapping" +msgstr "Nombres d'id. per cada porció en l'assignació d'id." + +#: src/config/SSSDConfig/__init__.py.in:347 +msgid "Use autorid-compatible algorithm for ID-mapping" +msgstr "Utilitza l'algoritme compatible d'autorid per a l'assignació d'id." + +#: src/config/SSSDConfig/__init__.py.in:348 +msgid "Name of the default domain for ID-mapping" +msgstr "Nom del domini per defecte per a l'assignació d'id." + +#: src/config/SSSDConfig/__init__.py.in:349 +msgid "SID of the default domain for ID-mapping" +msgstr "SID del domini per defecte per a l'assignació d'id." + +#: src/config/SSSDConfig/__init__.py.in:351 +msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups" +msgstr "Utilitza LDAP_MATCHING_RULE_IN_CHAIN per a la recerca del grup" + +#: src/config/SSSDConfig/__init__.py.in:352 +msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups" +msgstr "" +"Utilitza LDAP_MATCHING_RULE_IN_CHAIN per a la recerca del grup inicial" + +#: src/config/SSSDConfig/__init__.py.in:353 +msgid "Whether to use Token-Groups" +msgstr "Si s'utilitzen els grups amb testimonis" + +#: src/config/SSSDConfig/__init__.py.in:354 +msgid "Set lower boundary for allowed IDs from the LDAP server" +msgstr "Estableix el límit inferior per als id. permesos del servidor LDAP" + +#: src/config/SSSDConfig/__init__.py.in:355 +msgid "Set upper boundary for allowed IDs from the LDAP server" +msgstr "Estableix el límit superior per als id. permesos del servidor LDAP" + +#: src/config/SSSDConfig/__init__.py.in:356 +msgid "DN for ppolicy queries" +msgstr "DN per a les consultes ppolicy" + +#: src/config/SSSDConfig/__init__.py.in:359 +msgid "Policy to evaluate the password expiration" +msgstr "Política per avaluar el venciment de la contrasenya" + +#: src/config/SSSDConfig/__init__.py.in:363 +msgid "Which attributes shall be used to evaluate if an account is expired" +msgstr "" +"Quins atributs s'haurien d'utilitzar per avaluar si el compte ha vençut" + +#: src/config/SSSDConfig/__init__.py.in:364 +msgid "Which rules should be used to evaluate access control" +msgstr "Quines regles s'haurien d'utilitzar per avaluar el control d'accés" + +#: src/config/SSSDConfig/__init__.py.in:367 +msgid "URI of an LDAP server where password changes are allowed" +msgstr "URI d'un servidor LDAP on es permeten els canvis de contrasenya" + +#: src/config/SSSDConfig/__init__.py.in:368 +msgid "URI of a backup LDAP server where password changes are allowed" +msgstr "" +"URI d'un servidor LDAP de reserva on es permeten els canvis de contrasenya" + +#: src/config/SSSDConfig/__init__.py.in:369 +msgid "DNS service name for LDAP password change server" +msgstr "Nom del servei DNS pel servidor LDAP de canvi de contrasenyes" + +#: src/config/SSSDConfig/__init__.py.in:370 +msgid "" +"Whether to update the ldap_user_shadow_last_change attribute after a " +"password change" +msgstr "" +"Si s'actualitza l'atribut ldap_user_shadow_last_change després d'un canvi de " +"contrasenya" + +#: src/config/SSSDConfig/__init__.py.in:373 +msgid "Base DN for sudo rules lookups" +msgstr "DN base per a la recerca de les regles sudo" + +#: src/config/SSSDConfig/__init__.py.in:374 +msgid "Automatic full refresh period" +msgstr "Període d'actualització automàtica completa" + +#: src/config/SSSDConfig/__init__.py.in:375 +msgid "Automatic smart refresh period" +msgstr "Període d'actualització automàtica intel·ligent" + +#: src/config/SSSDConfig/__init__.py.in:376 +msgid "Whether to filter rules by hostname, IP addresses and network" +msgstr "Si es filtren les regles per nom d'amfitrió, adreça IP i xarxa" + +#: src/config/SSSDConfig/__init__.py.in:377 +msgid "" +"Hostnames and/or fully qualified domain names of this machine to filter sudo " +"rules" +msgstr "" +"Noms d'amfitrió i/o noms de domini plenament qualificat d'aquesta màquina " +"per filtrar les regles de sudo" + +#: src/config/SSSDConfig/__init__.py.in:378 +msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" +msgstr "" +"Adreces IPv4 o IPv6 o xarxa d'aquesta màquina per filtrar regles de sudo" + +#: src/config/SSSDConfig/__init__.py.in:379 +msgid "Whether to include rules that contains netgroup in host attribute" +msgstr "" +"Si s'inclouen les regles que contenen el grup de xarxa a l'atribut de " +"l'amfitrió" + +#: src/config/SSSDConfig/__init__.py.in:380 +msgid "" +"Whether to include rules that contains regular expression in host attribute" +msgstr "" +"Si s'inclouen les regles que contenen expressions regulars a l'atribut de " +"l'amfitrió" + +#: src/config/SSSDConfig/__init__.py.in:381 +msgid "Object class for sudo rules" +msgstr "Objectclass de les regles sudo" + +#: src/config/SSSDConfig/__init__.py.in:382 +msgid "Sudo rule name" +msgstr "Nom de la regla sudo" + +#: src/config/SSSDConfig/__init__.py.in:383 +msgid "Sudo rule command attribute" +msgstr "Attribut command de la regla sudo" + +#: src/config/SSSDConfig/__init__.py.in:384 +msgid "Sudo rule host attribute" +msgstr "L'atribut host de la regla sudo" + +#: src/config/SSSDConfig/__init__.py.in:385 +msgid "Sudo rule user attribute" +msgstr "L'atribut user de la regla sudo" + +#: src/config/SSSDConfig/__init__.py.in:386 +msgid "Sudo rule option attribute" +msgstr "L'atribut option de la regla sudo" + +#: src/config/SSSDConfig/__init__.py.in:387 +msgid "Sudo rule runas attribute" +msgstr "L'atribut runas de la regla sudo" + +#: src/config/SSSDConfig/__init__.py.in:388 +msgid "Sudo rule runasuser attribute" +msgstr "L'atribut runasuser de la regla sudo" + +#: src/config/SSSDConfig/__init__.py.in:389 +msgid "Sudo rule runasgroup attribute" +msgstr "L'atribut runasgroup de la regla sudo" + +#: src/config/SSSDConfig/__init__.py.in:390 +msgid "Sudo rule notbefore attribute" +msgstr "L'atribut notbefore de la regla sudo" + +#: src/config/SSSDConfig/__init__.py.in:391 +msgid "Sudo rule notafter attribute" +msgstr "L'atribut notafter de la regla sudo" + +#: src/config/SSSDConfig/__init__.py.in:392 +msgid "Sudo rule order attribute" +msgstr "L'atribut order de la regla sudo" + +#: src/config/SSSDConfig/__init__.py.in:395 +msgid "Object class for automounter maps" +msgstr "Objectclass per a les assignacions de l'eina de muntatge automàtic" + +#: src/config/SSSDConfig/__init__.py.in:396 +msgid "Automounter map name attribute" +msgstr "L'atribut nom de l'assignació de l'eina de muntatge automàtic" + +#: src/config/SSSDConfig/__init__.py.in:397 +msgid "Object class for automounter map entries" +msgstr "" +"Objectclass per a les entrades de les assignacions de l'eina de muntatge " +"automàtic" + +#: src/config/SSSDConfig/__init__.py.in:398 +msgid "Automounter map entry key attribute" +msgstr "" +"L'atribut clau d'entrada de l'assignació de l'eina de muntatge automàtic" + +#: src/config/SSSDConfig/__init__.py.in:399 +msgid "Automounter map entry value attribute" +msgstr "" +"L'atribut valor de l'entrada de l'assignació l'eina de muntatge automàtic" + +#: src/config/SSSDConfig/__init__.py.in:400 +msgid "Base DN for automounter map lookups" +msgstr "" +"DN base per a la recerca de l'assignació de l'eina de muntatge automàtic" + +#: src/config/SSSDConfig/__init__.py.in:403 +msgid "Comma separated list of allowed users" +msgstr "Llista separada per comes dels usuaris autoritzats" + +#: src/config/SSSDConfig/__init__.py.in:404 +msgid "Comma separated list of prohibited users" +msgstr "Llista separada per comes dels usuaris no autoritzats" + +#: src/config/SSSDConfig/__init__.py.in:407 +msgid "Default shell, /bin/bash" +msgstr "El shell predeterminat, /bin/bash" + +#: src/config/SSSDConfig/__init__.py.in:408 +msgid "Base for home directories" +msgstr "Base per als directoris inicials" + +#: src/config/SSSDConfig/__init__.py.in:411 +msgid "The name of the NSS library to use" +msgstr "El nom de la biblioteca NSS a utilitzar" + +#: src/config/SSSDConfig/__init__.py.in:412 +msgid "Whether to look up canonical group name from cache if possible" +msgstr "" +"Si se cerca el nom del grup canònic des de la memòria cau, si és possible" + +#: src/config/SSSDConfig/__init__.py.in:415 +msgid "PAM stack to use" +msgstr "Pila PAM a utilitzar" + +#: src/monitor/monitor.c:2838 +msgid "Become a daemon (default)" +msgstr "Esdevé un dimoni (per defecte)" + +#: src/monitor/monitor.c:2840 +msgid "Run interactive (not a daemon)" +msgstr "Executa en mode interactiu (no com a dimoni)" + +#: src/monitor/monitor.c:2842 src/tools/sss_debuglevel.c:71 +msgid "Specify a non-default config file" +msgstr "Especifica un fitxer de configuració diferent del predeterminat" + +#: src/monitor/monitor.c:2844 +msgid "Print version number and exit" +msgstr "Imprimeix el número de versió i surt" + +#: src/providers/krb5/krb5_child.c:2592 src/providers/ldap/ldap_child.c:609 +#: src/util/util.h:110 +msgid "Debug level" +msgstr "Nivell de depuració" + +#: src/providers/krb5/krb5_child.c:2594 src/providers/ldap/ldap_child.c:611 +#: src/util/util.h:116 +msgid "Add debug timestamps" +msgstr "Afegeix les marques temporals de depuració" + +#: src/providers/krb5/krb5_child.c:2596 src/providers/ldap/ldap_child.c:613 +#: src/util/util.h:118 +msgid "Show timestamps with microseconds" +msgstr "Mostra les marques temporals amb microsegons" + +#: src/providers/krb5/krb5_child.c:2598 src/providers/ldap/ldap_child.c:615 +msgid "An open file descriptor for the debug logs" +msgstr "Un descriptor de fitxer obert pels registres de depuració" + +#: src/providers/krb5/krb5_child.c:2601 src/providers/ldap/ldap_child.c:617 +#: src/util/util.h:114 +msgid "Send the debug output to stderr directly." +msgstr "Envia directament la sortida de depuració al stderr." + +#: src/providers/krb5/krb5_child.c:2603 +msgid "The user to create FAST ccache as" +msgstr "L'usuari amb què es crea la ccache FAST" + +#: src/providers/krb5/krb5_child.c:2605 +msgid "The group to create FAST ccache as" +msgstr "El grup amb què es crea la ccache FAST" + +#: src/providers/data_provider_be.c:2833 +msgid "Domain of the information provider (mandatory)" +msgstr "Domini del proveïdor d'informació (obligatori)" + +#: src/sss_client/common.c:971 +msgid "Privileged socket has wrong ownership or permissions." +msgstr "El sòcol amb privilegis té malament els permisos o el propietari." + +#: src/sss_client/common.c:974 +msgid "Public socket has wrong ownership or permissions." +msgstr "El sòcol públic té malament els permisos o el propietari." + +#: src/sss_client/common.c:977 +msgid "Unexpected format of the server credential message." +msgstr "Format inesperat del missatge de les credencials del servidor." + +#: src/sss_client/common.c:980 +msgid "SSSD is not run by root." +msgstr "L'SSSD no s'està executant com a root." + +#: src/sss_client/common.c:985 +msgid "An error occurred, but no description can be found." +msgstr "S'ha produït un error però no s'ha pogut trobar cap descripció." + +#: src/sss_client/common.c:991 +msgid "Unexpected error while looking for an error description" +msgstr "Error inesperat en cercar una descripció de l'error" + +#: src/sss_client/pam_sss.c:66 +msgid "Permission denied. " +msgstr "Permís denegat." + +#: src/sss_client/pam_sss.c:67 src/sss_client/pam_sss.c:728 +#: src/sss_client/pam_sss.c:739 +msgid "Server message: " +msgstr "Missatge del servidor: " + +#: src/sss_client/pam_sss.c:246 +msgid "Passwords do not match" +msgstr "Les contrasenyes no coincideixen" + +#: src/sss_client/pam_sss.c:434 +msgid "Password reset by root is not supported." +msgstr "No s'admet el restabliment de la contrasenya pel root." + +#: src/sss_client/pam_sss.c:475 +msgid "Authenticated with cached credentials" +msgstr "S'ha autenticat amb credencials de la memòria cau" + +#: src/sss_client/pam_sss.c:476 +msgid ", your cached password will expire at: " +msgstr ", la vostra contrasenya en memòria cau vencerà el: " + +#: src/sss_client/pam_sss.c:506 +#, c-format +msgid "Your password has expired. You have %1$d grace login(s) remaining." +msgstr "" +"La vostra contrasenya ha vençut. Teniu %1$d inicis de sessió restants de " +"cortesia." + +#: src/sss_client/pam_sss.c:552 +#, c-format +msgid "Your password will expire in %1$d %2$s." +msgstr "La vostra contrasenya vencerà en %1$d %2$s." + +#: src/sss_client/pam_sss.c:601 +msgid "Authentication is denied until: " +msgstr "S'ha denegat l'autenticació fins: " + +#: src/sss_client/pam_sss.c:622 +msgid "System is offline, password change not possible" +msgstr "El sistema està desconnectat, el canvi de contrasenya no és possible" + +#: src/sss_client/pam_sss.c:637 +msgid "" +"After changing the OTP password, you need to log out and back in order to " +"acquire a ticket" +msgstr "" +"Després de canviar la contrasenya OTP, heu de tancar la sessió i tornar-la a " +"iniciar per tal d'adquirir un tiquet" + +#: src/sss_client/pam_sss.c:725 src/sss_client/pam_sss.c:738 +msgid "Password change failed. " +msgstr "Ha fallat el canvi de contrasenya." + +#: src/sss_client/pam_sss.c:1354 +msgid "New Password: " +msgstr "Nova contrasenya: " + +#: src/sss_client/pam_sss.c:1355 +msgid "Reenter new Password: " +msgstr "Torneu a introduir la nova contrasenya: " + +#: src/sss_client/pam_sss.c:1459 +msgid "First Factor: " +msgstr "Primer factor:" + +#: src/sss_client/pam_sss.c:1460 +msgid "Second Factor: " +msgstr "Segon factor:" + +#: src/sss_client/pam_sss.c:1462 +msgid "Password: " +msgstr "Contrasenya: " + +#: src/sss_client/pam_sss.c:1502 +msgid "Current Password: " +msgstr "Contrasenya actual: " + +#: src/sss_client/pam_sss.c:1701 +msgid "Password expired. Change your password now." +msgstr "La contrasenya ha vençut. Canvieu ara la vostra contrasenya." + +#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40 +#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48 +#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44 +#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:651 +#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47 +#: src/tools/sss_cache.c:587 src/tools/sss_debuglevel.c:69 +msgid "The debug level to run with" +msgstr "El nivell de depuració amb què s'executa" + +#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42 +#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:196 +msgid "The SSSD domain to use" +msgstr "El domini SSSD a utilitzar" + +#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74 +#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54 +#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:663 +#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:79 +#: src/tools/sss_cache.c:627 +msgid "Error setting the locale\n" +msgstr "S'ha produït un error en establir la configuració regional\n" + +#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64 +msgid "Not enough memory\n" +msgstr "No hi ha memòria suficient\n" + +#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83 +msgid "User not specified\n" +msgstr "No s'ha especificat l'usuari\n" + +#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:92 +msgid "Error looking up public keys\n" +msgstr "S'ha produït un error en cercar les claus públiques\n" + +#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:194 +msgid "The port to use to connect to the host" +msgstr "El port a utilitzar per connectar-se a l'amfitrió" + +#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:238 +msgid "Invalid port\n" +msgstr "Port no vàlid\n" + +#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:243 +msgid "Host not specified\n" +msgstr "No s'ha especificat l'amfitrió\n" + +#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:249 +msgid "The path to the proxy command must be absolute\n" +msgstr "El camí a l'ordre proxy ha de ser absolut\n" + +#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48 +msgid "The UID of the user" +msgstr "L'UID de l'usuari" + +#: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50 +msgid "The comment string" +msgstr "La cadena del comentari" + +#: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51 +msgid "Home directory" +msgstr "El directori inicial" + +#: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52 +msgid "Login shell" +msgstr "El shell de l'inici de sessió" + +#: src/tools/sss_useradd.c:53 +msgid "Groups" +msgstr "Els grups" + +#: src/tools/sss_useradd.c:54 +msgid "Create user's directory if it does not exist" +msgstr "Crea el directori de l'usuari si no existeix" + +#: src/tools/sss_useradd.c:55 +msgid "Never create user's directory, overrides config" +msgstr "No creïs mai el directori de l'usuari, substitueix la configuració" + +#: src/tools/sss_useradd.c:56 +msgid "Specify an alternative skeleton directory" +msgstr "Especifica un directori esquemàtic alternatiu" + +#: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:60 +msgid "The SELinux user for user's login" +msgstr "L'usuari de SELinux per a l'inici de sessió de l'usuari" + +#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79 +#: src/tools/sss_usermod.c:92 +msgid "Specify group to add to\n" +msgstr "Especifica el grup a afegir-se\n" + +#: src/tools/sss_useradd.c:111 +msgid "Specify user to add\n" +msgstr "Especifica l'usuari a afegir\n" + +#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86 +#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113 +#: src/tools/sss_groupshow.c:697 src/tools/sss_userdel.c:198 +#: src/tools/sss_usermod.c:162 +msgid "Error initializing the tools - no local domain\n" +msgstr "" +"S'ha produït un error en inicialitzar les eines - no hi ha cap domini " +"local\n" + +#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88 +#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115 +#: src/tools/sss_groupshow.c:699 src/tools/sss_userdel.c:200 +#: src/tools/sss_usermod.c:164 +msgid "Error initializing the tools\n" +msgstr "S'ha produït un error en inicialitzar les eines\n" + +#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97 +#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123 +#: src/tools/sss_groupshow.c:708 src/tools/sss_userdel.c:209 +#: src/tools/sss_usermod.c:173 +msgid "Invalid domain specified in FQDN\n" +msgstr "S'ha especificat un domini no vàlid al FQDN\n" + +#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144 +#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:197 +#: src/tools/sss_usermod.c:226 +msgid "Internal error while parsing parameters\n" +msgstr "S'ha produït un error intern en analitzar els paràmetres\n" + +#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:206 +#: src/tools/sss_usermod.c:235 +msgid "Groups must be in the same domain as user\n" +msgstr "Els grups han d'estar al mateix domini que l'usuari\n" + +#: src/tools/sss_useradd.c:159 +#, c-format +msgid "Cannot find group %1$s in local domain\n" +msgstr "No es pot trobar el grup %1$s al domini local\n" + +#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:219 +msgid "Cannot set default values\n" +msgstr "No es poden establir els valors per defecte\n" + +#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:187 +msgid "The selected UID is outside the allowed range\n" +msgstr "L'UID seleccionat es troba fora de l'interval permès\n" + +#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:305 +msgid "Cannot set SELinux login context\n" +msgstr "No es pot establir el context de l'inici de sessió de SELinux\n" + +#: src/tools/sss_useradd.c:224 +msgid "Cannot get info about the user\n" +msgstr "No es pot obtenir la informació sobre l'usuari\n" + +#: src/tools/sss_useradd.c:236 +msgid "User's home directory already exists, not copying data from skeldir\n" +msgstr "" +"El directori inicial de l'usuari ja existeix, no es copiaran les dades del " +"directori esquemàtic\n" + +#: src/tools/sss_useradd.c:239 +#, c-format +msgid "Cannot create user's home directory: %1$s\n" +msgstr "No es pot crear el directori inicial de l'usuari: %1$s\n" + +#: src/tools/sss_useradd.c:250 +#, c-format +msgid "Cannot create user's mail spool: %1$s\n" +msgstr "No es pot crear la gestió de cues del correu de l'usuari: %1$s\n" + +#: src/tools/sss_useradd.c:270 +msgid "Could not allocate ID for the user - domain full?\n" +msgstr "No s'ha pogut assignar un id. per a l'usuari - domini ple?\n" + +#: src/tools/sss_useradd.c:274 +msgid "A user or group with the same name or ID already exists\n" +msgstr "Ja existeix un usuari o grup amb el mateix nom o id.\n" + +#: src/tools/sss_useradd.c:280 +msgid "Transaction error. Could not add user.\n" +msgstr "S'ha produït un error de transacció. No s'ha pogut afegir l'usuari.\n" + +#: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48 +msgid "The GID of the group" +msgstr "El GID del grup" + +#: src/tools/sss_groupadd.c:76 +msgid "Specify group to add\n" +msgstr "Especifica el grup a afegir\n" + +#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198 +msgid "The selected GID is outside the allowed range\n" +msgstr "El GID seleccionat està fora de l'interval permès\n" + +#: src/tools/sss_groupadd.c:143 +msgid "Could not allocate ID for the group - domain full?\n" +msgstr "No s'ha pogut assignar un id. pel grup - domini ple?\n" + +#: src/tools/sss_groupadd.c:147 +msgid "A group with the same name or GID already exists\n" +msgstr "Ja existeix un grup amb el mateix nom o GID\n" + +#: src/tools/sss_groupadd.c:153 +msgid "Transaction error. Could not add group.\n" +msgstr "" +"S'ha produït un error en la transacció. No s'ha pogut afegir el grup.\n" + +#: src/tools/sss_groupdel.c:70 +msgid "Specify group to delete\n" +msgstr "Especifiqueu el grup a eliminar\n" + +#: src/tools/sss_groupdel.c:104 +#, c-format +msgid "Group %1$s is outside the defined ID range for domain\n" +msgstr "El grup %1$s està fora de l'interval d'id. definit pel domini\n" + +#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225 +#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239 +#: src/tools/sss_userdel.c:295 src/tools/sss_usermod.c:282 +#: src/tools/sss_usermod.c:289 src/tools/sss_usermod.c:296 +#, c-format +msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n" +msgstr "" +"Ha fallat la sol·licitud NSS (%1$d). L'entrada podria romandre en la memòria " +"cau.\n" + +#: src/tools/sss_groupdel.c:132 +msgid "" +"No such group in local domain. Removing groups only allowed in local domain." +"\n" +msgstr "" +"No existeix el grup al domini local. L'eliminació dels grups només està " +"permesa al domini local.\n" + +#: src/tools/sss_groupdel.c:137 +msgid "Internal error. Could not remove group.\n" +msgstr "S'ha produït un error intern. No s'ha pogut eliminar el grup.\n" + +#: src/tools/sss_groupmod.c:44 +msgid "Groups to add this group to" +msgstr "Els grups per afegir aquest grup" + +#: src/tools/sss_groupmod.c:46 +msgid "Groups to remove this group from" +msgstr "Els grups per eliminar aquest grup" + +#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:100 +msgid "Specify group to remove from\n" +msgstr "Especifica el grup del qual s'ha d'eliminar\n" + +#: src/tools/sss_groupmod.c:101 +msgid "Specify group to modify\n" +msgstr "Especifica el grup a modificar\n" + +#: src/tools/sss_groupmod.c:130 +msgid "" +"Cannot find group in local domain, modifying groups is allowed only in local " +"domain\n" +msgstr "" +"No es pot trobar el grup al domini local, la modificació de grups només es " +"permet al domini local\n" + +#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182 +msgid "Member groups must be in the same domain as parent group\n" +msgstr "Els grups membres han d'estar al mateix domini com a grup primari\n" + +#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190 +#: src/tools/sss_usermod.c:214 src/tools/sss_usermod.c:243 +#, c-format +msgid "" +"Cannot find group %1$s in local domain, only groups in local domain are " +"allowed\n" +msgstr "" +"No s'ha pogut trobar el grup %1$s al domini local, només es permeten els " +"grups al domini local\n" + +#: src/tools/sss_groupmod.c:257 +msgid "Could not modify group - check if member group names are correct\n" +msgstr "" +"No s'ha pogut modificar el grup - comproveu que els noms dels grups membres " +"siguin correctes\n" + +#: src/tools/sss_groupmod.c:261 +msgid "Could not modify group - check if groupname is correct\n" +msgstr "" +"No s'ha pogut modificar el grup - comproveu que el nom de grup sigui " +"correcte\n" + +#: src/tools/sss_groupmod.c:265 +msgid "Transaction error. Could not modify group.\n" +msgstr "" +"S'ha produït un error en la transacció. No s'ha pogut modificar el grup.\n" + +#: src/tools/sss_groupshow.c:598 +#, c-format +msgid "%1$s%2$sGroup: %3$s\n" +msgstr "%1$s%2$sGrup: %3$s\n" + +#: src/tools/sss_groupshow.c:599 +msgid "Magic Private " +msgstr "Privat màgic " + +#: src/tools/sss_groupshow.c:601 +#, c-format +msgid "%1$sGID number: %2$d\n" +msgstr "%1$sNúmero GID: %2$d\n" + +#: src/tools/sss_groupshow.c:603 +#, c-format +msgid "%1$sMember users: " +msgstr "%1$sUsuaris membre: " + +#: src/tools/sss_groupshow.c:610 +#, c-format +msgid "\n" +"%1$sIs a member of: " +msgstr "\n" +"%1$sÉs un membre de: " + +#: src/tools/sss_groupshow.c:617 +#, c-format +msgid "\n" +"%1$sMember groups: " +msgstr "\n" +"%1$sGrups membres: " + +#: src/tools/sss_groupshow.c:653 +msgid "Print indirect group members recursively" +msgstr "Imprimeix els membres dels grups indirectes amb recursivitat" + +#: src/tools/sss_groupshow.c:687 +msgid "Specify group to show\n" +msgstr "Especifica el grup a mostrar\n" + +#: src/tools/sss_groupshow.c:727 +msgid "" +"No such group in local domain. Printing groups only allowed in local domain." +"\n" +msgstr "" +"No s'ha trobat el grup al domini local. La impressió dels grups només està " +"permesa al domini local.\n" + +#: src/tools/sss_groupshow.c:732 +msgid "Internal error. Could not print group.\n" +msgstr "S'ha produït un error intern. No es pot imprimir el grup.\n" + +#: src/tools/sss_userdel.c:136 +msgid "Remove home directory and mail spool" +msgstr "Elimina el directori inicial i la gestió de cues del correu" + +#: src/tools/sss_userdel.c:138 +msgid "Do not remove home directory and mail spool" +msgstr "No eliminis el directori inicial i la gestió de cues del correu" + +#: src/tools/sss_userdel.c:140 +msgid "Force removal of files not owned by the user" +msgstr "Força l'eliminació de fitxers que no són propietat de l'usuari" + +#: src/tools/sss_userdel.c:142 +msgid "Kill users' processes before removing him" +msgstr "Mata els processos de l'usuari abans d'eliminar-lo" + +#: src/tools/sss_userdel.c:188 +msgid "Specify user to delete\n" +msgstr "Especifica l'usuari a eliminar\n" + +#: src/tools/sss_userdel.c:234 +#, c-format +msgid "User %1$s is outside the defined ID range for domain\n" +msgstr "L'usuari %1$s està fora de l'interval d'id. pel domini\n" + +#: src/tools/sss_userdel.c:259 +msgid "Cannot reset SELinux login context\n" +msgstr "No es pot reiniciar el context d'inici de sessió de SELinux\n" + +#: src/tools/sss_userdel.c:271 +#, c-format +msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" +msgstr "" +"ATENCIÓ: L'usuari (uid %1$lu) encara estava en la sessió quan es va eliminar." +"\n" + +#: src/tools/sss_userdel.c:276 +msgid "Cannot determine if the user was logged in on this platform" +msgstr "" +"No es pot determinar si l'usuari tenia la sessió iniciada a aquesta " +"plataforma" + +#: src/tools/sss_userdel.c:281 +msgid "Error while checking if the user was logged in\n" +msgstr "" +"S'ha produït un error en comprovar si l'usuari havia iniciat la sessió\n" + +#: src/tools/sss_userdel.c:288 +#, c-format +msgid "The post-delete command failed: %1$s\n" +msgstr "L'ordre post-delete ha fallat: %1$s\n" + +#: src/tools/sss_userdel.c:308 +msgid "Not removing home dir - not owned by user\n" +msgstr "No s'ha eliminat el directori inicial - no és propietat de l'usuari\n" + +#: src/tools/sss_userdel.c:310 +#, c-format +msgid "Cannot remove homedir: %1$s\n" +msgstr "No es pot eliminar el directori inicial: %1$s\n" + +#: src/tools/sss_userdel.c:324 +msgid "" +"No such user in local domain. Removing users only allowed in local domain.\n" +msgstr "" +"No s'ha trobat l'usuari al domini local. L'eliminació d'usuaris dels grups " +"només està permesa al domini local.\n" + +#: src/tools/sss_userdel.c:329 +msgid "Internal error. Could not remove user.\n" +msgstr "S'ha produït un error intern. No s'ha pogut eliminar l'usuari.\n" + +#: src/tools/sss_usermod.c:49 +msgid "The GID of the user" +msgstr "El GID de l'usuari" + +#: src/tools/sss_usermod.c:53 +msgid "Groups to add this user to" +msgstr "Els grups per afegir aquest usuari" + +#: src/tools/sss_usermod.c:54 +msgid "Groups to remove this user from" +msgstr "Els grups per eliminar aquest usuari" + +#: src/tools/sss_usermod.c:55 +msgid "Lock the account" +msgstr "Bloqueja aquest compte" + +#: src/tools/sss_usermod.c:56 +msgid "Unlock the account" +msgstr "Desbloqueja aquest compte" + +#: src/tools/sss_usermod.c:57 +msgid "Add an attribute/value pair. The format is attrname=value." +msgstr "Afegeix una parella atribut/valor. El format és nomatribut=valor." + +#: src/tools/sss_usermod.c:58 +msgid "Delete an attribute/value pair. The format is attrname=value." +msgstr "Elimina una parella atribut/valor. El format és nomatribut=valor." + +#: src/tools/sss_usermod.c:59 +msgid "" +"Set an attribute to a name/value pair. The format is attrname=value. For " +"multi-valued attributes, the command replaces the values already present" +msgstr "" +"Estableix un atribut a una parella atribut/valor. El format és nomatribut=" +"valor. Per als atributs amb múltiples valors, l'ordre substitueix els valors " +"ja presents." + +#: src/tools/sss_usermod.c:117 src/tools/sss_usermod.c:126 +#: src/tools/sss_usermod.c:135 +msgid "Specify the attribute name/value pair(s)\n" +msgstr "Especifica les parelles nom/valor de l'atribut\n" + +#: src/tools/sss_usermod.c:152 +msgid "Specify user to modify\n" +msgstr "Especifica l'usuari a modificar\n" + +#: src/tools/sss_usermod.c:180 +msgid "" +"Cannot find user in local domain, modifying users is allowed only in local " +"domain\n" +msgstr "" +"No es pot trobar l'usuari al domini local, la modificació d'usuaris només es " +"permet al domini local\n" + +#: src/tools/sss_usermod.c:322 +msgid "Could not modify user - check if group names are correct\n" +msgstr "" +"No s'ha pogut modificar l'usuari - comproveu que els noms dels grups siguin " +"correctes\n" + +#: src/tools/sss_usermod.c:326 +msgid "Could not modify user - user already member of groups?\n" +msgstr "No s'ha pogut modificar l'usuari - l'usuari ja pertany als grups?\n" + +#: src/tools/sss_usermod.c:330 +msgid "Transaction error. Could not modify user.\n" +msgstr "" +"S'ha produït un error en la transacció. No s'ha pogut modificar l'usuari.\n" + +#: src/tools/sss_cache.c:188 +msgid "No cache object matched the specified search\n" +msgstr "Cap objecte de la memòria cau ha coincidit amb la cerca especificada\n" + +#: src/tools/sss_cache.c:431 +#, c-format +msgid "Couldn't invalidate %1$s\n" +msgstr "No s'ha pogut invalidar %1$s\n" + +#: src/tools/sss_cache.c:438 +#, c-format +msgid "Couldn't invalidate %1$s %2$s\n" +msgstr "No s'ha pogut invalidar %1$s %2$s\n" + +#: src/tools/sss_cache.c:589 +msgid "Invalidate all cached entries except for sudo rules" +msgstr "" +"Invalida totes les entrades de la memòria cau amb l'excepció de les regles " +"sudo" + +#: src/tools/sss_cache.c:591 +msgid "Invalidate particular user" +msgstr "Invalida un usuari determinat" + +#: src/tools/sss_cache.c:593 +msgid "Invalidate all users" +msgstr "Invalida tots els usuaris" + +#: src/tools/sss_cache.c:595 +msgid "Invalidate particular group" +msgstr "Invalida un grup determinat" + +#: src/tools/sss_cache.c:597 +msgid "Invalidate all groups" +msgstr "Invalida tots els grups" + +#: src/tools/sss_cache.c:599 +msgid "Invalidate particular netgroup" +msgstr "Invalida un grup de xarxa determinat" + +#: src/tools/sss_cache.c:601 +msgid "Invalidate all netgroups" +msgstr "Invalida tots els grups de xarxa" + +#: src/tools/sss_cache.c:603 +msgid "Invalidate particular service" +msgstr "Invalida un servei determinat" + +#: src/tools/sss_cache.c:605 +msgid "Invalidate all services" +msgstr "Invalida tots els serveis" + +#: src/tools/sss_cache.c:608 +msgid "Invalidate particular autofs map" +msgstr "Invalida una assignació autofs determinada" + +#: src/tools/sss_cache.c:610 +msgid "Invalidate all autofs maps" +msgstr "Invalida totes les assignacions autofs" + +#: src/tools/sss_cache.c:614 +msgid "Invalidate particular SSH host" +msgstr "Invalida un amfitrió SSH determinat" + +#: src/tools/sss_cache.c:616 +msgid "Invalidate all SSH hosts" +msgstr "Invalida tots els amfitrions SSH" + +#: src/tools/sss_cache.c:619 +msgid "Only invalidate entries from a particular domain" +msgstr "Invalida les entrades només d'un domini determinat" + +#: src/tools/sss_cache.c:668 +msgid "Please select at least one object to invalidate\n" +msgstr "Si us plau, seleccioneu almenys un objecte a invalidar\n" + +#: src/tools/sss_cache.c:751 +#, c-format +msgid "" +"Could not open domain %1$s. If the domain is a subdomain (trusted domain), " +"use fully qualified name instead of --domain/-d parameter.\n" +msgstr "" +"No es pot obrir el domini %1$s. Si el domini és un subdomini (domini de " +"confiança), utilitzeu el FQN en lloc del paràmetre --domain/-d.\n" + +#: src/tools/sss_cache.c:755 +msgid "Could not open available domains\n" +msgstr "No s'han pogut obrir els dominis disponibles\n" + +#: src/tools/sss_debuglevel.c:40 +msgid "\n" +msgstr "\n" + +#: src/tools/sss_debuglevel.c:96 +msgid "Specify debug level you want to set\n" +msgstr "Especifica el nivell de depuració que vulgueu establir\n" + +#: src/tools/sss_debuglevel.c:102 +msgid "Only one argument expected\n" +msgstr "Tan sols s'esperava un argument\n" + +#: src/tools/tools_util.c:204 +#, c-format +msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n" +msgstr "El nom '%1$s' no sembla un FQDN ('%2$s = TRUE' està establert)\n" + +#: src/tools/tools_util.c:309 +msgid "Out of memory\n" +msgstr "Sense memòria\n" + +#: src/tools/tools_util.h:43 +#, c-format +msgid "%1$s must be run as root\n" +msgstr "S'ha d'executar %1$s com a root\n" + +#: src/util/util.h:112 +msgid "Send the debug output to files instead of stderr" +msgstr "Envia la sortida de depuració a fitxers en lloc del stderr" + +#: src/util/util.h:182 +msgid "The user ID to run the server as" +msgstr "L'id. d'usuari amb què s'executa el servidor" + +#: src/util/util.h:184 +msgid "The group ID to run the server as" +msgstr "L'id. de grup amb què s'executa el servidor" --- sssd-1.13.4.orig/scripts/release.sh +++ sssd-1.13.4/scripts/release.sh @@ -0,0 +1,29 @@ +#!/bin/bash + +function config() +{ + autoreconf -i -f || return $? + ./configure +} + +SAVED_PWD=$PWD +version=`grep '\[VERSION_NUMBER], \[.*\]' version.m4 |grep '[0-9]\+\.[0-9]\+\.[0-9]\+' -o` +tag=$(echo ${version} | tr "." "_") + +trap "cd $SAVED_PWD; rm -rf sssd-${version} sssd-${version}.tar" EXIT + +git archive --format=tar --prefix=sssd-${version}/ sssd-${tag} > sssd-${version}.tar +if [ $? -ne 0 ]; then + echo "Cannot perform git-archive, check if tag $tag is present in git tree" + exit 1 +fi +tar xf sssd-${version}.tar + +pushd sssd-${version} +config || exit 1 +make dist-gzip || exit 1 # also builds docs +popd + +mv sssd-${version}/sssd-${version}.tar.gz . +gpg --detach-sign --armor sssd-${version}.tar.gz + --- sssd-1.13.4.orig/src/man/po/LINGUAS +++ sssd-1.13.4/src/man/po/LINGUAS @@ -0,0 +1 @@ +cs --- sssd-1.13.4.orig/src/man/po/br.po +++ sssd-1.13.4/src/man/po/br.po @@ -0,0 +1,11333 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# Fulup , 2012 +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 1.12.90\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2016-04-13 16:30+0200\n" +"PO-Revision-Date: 2014-06-04 02:04-0400\n" +"Last-Translator: jhrozek \n" +"Language-Team: Breton (http://www.transifex.com/projects/p/sssd/language/" +"br/)\n" +"Language: br\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" +"X-Generator: Zanata 3.8.3\n" + +#. type: Content of: +#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 +#: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 +#: sss_override.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5 +#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 +#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5 +#: sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 +msgid "SSSD Manual pages" +msgstr "Dornlevr SSSD" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 +msgid "sss_groupmod" +msgstr "sss_groupmod" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11 +#: sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupmod.8.xml:16 +msgid "modify a group" +msgstr "Kemmañur strollad" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupmod.8.xml:21 +msgid "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 +#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 +#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 +#: sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 +#: sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 +#: sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21 +#: sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31 +msgid "DESCRIPTION" +msgstr "DESKRIVADUR" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupmod.8.xml:32 +msgid "" +"<command>sss_groupmod</command> modifies the group to reflect the changes " +"that are specified on the command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 +#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 +#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 +#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "DIBARZHIOÙ" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 +msgid "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:48 +msgid "" +"Append this group to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 +msgid "" +"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:62 +msgid "" +"Remove this group from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:10 sssd.conf.5.xml:16 +msgid "sssd.conf" +msgstr "sssd.conf" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 +#: sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 +#: sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +msgid "File Formats and Conventions" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:17 +msgid "the configuration file for SSSD" +msgstr "Ar restr gefluniañ evit SSSD" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:21 +msgid "FILE FORMAT" +msgstr "FURMAD RESTR" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:29 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:24 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:36 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:41 +msgid "" +"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:47 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:53 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:59 +msgid "GENERAL OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:61 +msgid "Following options are usable in more than one configuration sections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:65 +msgid "Options usable in all sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:69 +msgid "debug_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:73 +msgid "debug_timestamps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:76 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:81 sssd.conf.5.xml:634 sssd.conf.5.xml:1139 +#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464 +#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272 +#: sssd-ad.5.xml:799 sssd-ad.5.xml:918 sssd-krb5.5.xml:499 +msgid "Default: true" +msgstr "Dre ziouer : true" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:86 +msgid "debug_microseconds (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:89 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:94 sssd.conf.5.xml:1093 sssd.conf.5.xml:2231 +#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558 +#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139 +#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266 +#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 +msgid "Default: false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2189 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:103 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:107 +msgid "timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:110 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:115 sssd.conf.5.xml:1057 sssd-ldap.5.xml:1410 +#: include/ldap_id_mapping.xml:264 +msgid "Default: 10" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:125 +msgid "SPECIAL SECTIONS" +msgstr "RANNOÙ DIBAR" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:128 +msgid "The [sssd] section" +msgstr "Ar rann [sssd]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:137 sssd.conf.5.xml:2339 +msgid "Section parameters" +msgstr "Arventennoù ar rann" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:139 +msgid "config_file_version (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:142 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:148 +msgid "services" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:151 +msgid "" +"Comma separated list of services that are started when sssd itself starts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:155 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" +"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" +"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:165 sssd.conf.5.xml:419 +msgid "reconnection_retries (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:168 sssd.conf.5.xml:422 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:173 sssd.conf.5.xml:427 +msgid "Default: 3" +msgstr "Dre ziouer : 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:178 +msgid "domains" +msgstr "domanioù" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:181 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter described the list of domains in the order you want " +"them to be queried. A domain name should only consist of alphanumeric ASCII " +"characters, dashes, dots and underscores." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:193 sssd.conf.5.xml:2014 +msgid "re_expression (string)" +msgstr "re_expression (neudennad)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:201 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN " +"SECTIONS for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:210 sssd.conf.5.xml:2065 +msgid "full_name_format (string)" +msgstr "full_name_format (neudennad)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:213 sssd.conf.5.xml:2068 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:224 sssd.conf.5.xml:2079 +msgid "%1$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:225 sssd.conf.5.xml:2080 +msgid "user name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:228 sssd.conf.5.xml:2083 +msgid "%2$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:231 sssd.conf.5.xml:2086 +msgid "domain name as specified in the SSSD config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:237 sssd.conf.5.xml:2092 +msgid "%3$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:240 sssd.conf.5.xml:2095 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:221 sssd.conf.5.xml:2076 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:250 +msgid "" +"Each domain can have an individual format string configured. see DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:256 +msgid "try_inotify (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:259 +msgid "" +"SSSD monitors the state of resolv.conf to identify when it needs to update " +"its internal DNS resolver. By default, we will attempt to use inotify for " +"this, and will fall back to polling resolv.conf every five seconds if " +"inotify cannot be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:267 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:273 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:277 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:284 +msgid "krb5_rcache_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:287 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:291 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:297 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:312 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:317 +msgid "default_domain_suffix (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:320 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:330 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498 +#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:609 +#: sssd-ad.5.xml:679 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550 +#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216 +msgid "Default: not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:344 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:347 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:356 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:364 +msgid "Default: not set (spaces will not be replaced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:369 +#, fuzzy +#| msgid "re_expression (string)" +msgid "certificate_verification (string)" +msgstr "re_expression (neudennad)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:377 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:379 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:389 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "Default: not set, i.e. do not restrict certificate vertification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:130 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:404 +msgid "SERVICES SECTIONS" +msgstr "RANNOÙ SERVIJOÙ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:406 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:413 +msgid "General service configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:415 +msgid "These options can be used to configure any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:432 +msgid "fd_limit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:435 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:444 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:449 +msgid "client_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:452 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:459 sssd.conf.5.xml:475 sssd.conf.5.xml:507 +#: sssd.conf.5.xml:765 sssd.conf.5.xml:957 sssd.conf.5.xml:1347 +#: sssd-ldap.5.xml:1237 +msgid "Default: 60" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:464 sssd.conf.5.xml:1336 +msgid "force_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:467 sssd.conf.5.xml:1339 +msgid "" +"If a service is not responding to ping checks (see the <quote>timeout</" +"quote> option), it is first sent the SIGTERM signal that instructs it to " +"quit gracefully. If the service does not terminate after " +"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " +"by sending a SIGKILL signal." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:480 +msgid "offline_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:483 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. This " +"value is in seconds and calculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:490 +msgid "offline_timeout + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "" +"The random offset can increment up to 30 seconds. After each unsuccessful " +"attempt to go online, the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:498 +msgid "new_interval = old_interval*2 + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"Note that the maximum length of each interval is currently limited to one " +"hour. If the calculated length of new_interval is greater than an hour, it " +"will be forced to one hour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:512 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:515 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:521 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:524 +msgid "ldap_purge_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:527 sssd-ldap.5.xml:1054 +msgid "ldap_use_tokengroups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "ldap_user_principal" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:535 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:533 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:539 sssd.conf.5.xml:1001 sssd.conf.5.xml:1026 +#: sssd.conf.5.xml:1045 sssd.conf.5.xml:1330 sssd-ldap.5.xml:1793 +msgid "Default: none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:547 +msgid "NSS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:549 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "enum_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:557 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:561 +msgid "Default: 120" +msgstr "Dre ziouer : 120" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:566 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:569 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:575 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:585 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:593 +msgid "Default: 50" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:598 +msgid "entry_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:601 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:607 sssd.conf.5.xml:1117 +msgid "Default: 15" +msgstr "Dre ziouer : 15" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:612 +msgid "filter_users, filter_groups (string)" +msgstr "filter_users, filter_groups (neudennad)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:615 +msgid "" +"Exclude certain users from being fetched from the sss NSS database. This is " +"particularly useful for system accounts. This option can also be set per-" +"domain or include fully-qualified names to filter only users from the " +"particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:622 +msgid "Default: root" +msgstr "Dre zoiuer : root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:627 +msgid "filter_users_in_groups (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:630 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:641 +msgid "fallback_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:644 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:649 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:655 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:653 sssd.conf.5.xml:1020 sssd.conf.5.xml:1039 +#: sssd-krb5.5.xml:533 include/override_homedir.xml:55 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:659 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:665 +msgid "override_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:668 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:674 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:680 +msgid "allowed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:683 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:686 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:690 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:695 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:703 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:710 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:713 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:717 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:722 +msgid "vetoed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:725 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:730 +msgid "shell_fallback (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:733 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "Default: /bin/sh" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +msgid "default_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:745 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:751 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:758 sssd.conf.5.xml:950 +msgid "get_domains_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:761 sssd.conf.5.xml:953 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:770 +msgid "memcache_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:773 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:777 sssd-ldap.5.xml:706 +msgid "Default: 300" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:780 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:788 sssd-ifp.5.xml:74 +msgid "user_attributes (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:791 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:804 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:816 +msgid "PAM configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:818 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:823 +msgid "offline_credentials_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:831 sssd.conf.5.xml:844 +msgid "Default: 0 (No limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:837 +msgid "offline_failed_login_attempts (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:840 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:850 +msgid "offline_failed_login_delay (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:853 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:864 sssd.conf.5.xml:917 +msgid "Default: 5" +msgstr "Dre zoiuer : 5" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:870 +msgid "pam_verbosity (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:873 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "Currently sssd supports the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:881 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:888 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:891 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:895 sssd.8.xml:63 +msgid "Default: 1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:900 +msgid "pam_id_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:903 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:923 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:926 sssd.conf.5.xml:1550 +msgid "Display a warning N days before the password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:929 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:935 sssd.conf.5.xml:1553 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:940 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 sssd.conf.5.xml:2291 sssd.8.xml:79 +msgid "Default: 0" +msgstr "Dre ziouer : 0" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:962 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:965 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAM responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:971 +msgid "Default: all (All users are allowed to access the PAM responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:975 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:982 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:985 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:989 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:993 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:997 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1006 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1009 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbostiy is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1022 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1031 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1041 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1050 +msgid "p11_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1053 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1066 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1068 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1085 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1088 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1101 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1103 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1107 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1126 +msgid "SSH configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1128 +msgid "These options can be used to configure the SSH service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1132 +msgid "ssh_hash_known_hosts (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1135 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1144 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1147 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1151 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1156 +msgid "ca_db (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1159 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1164 +msgid "Default: /etc/pki/nssdb" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1172 +msgid "PAC responder configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1174 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. " +"If the PAC is decoded and evaluated some of the following operations are " +"done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1183 +msgid "" +"If the remote user does not exist in the cache, it is created. The uid is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"gid will have the same value as the uid. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1191 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1197 +msgid "These options can be used to configure the PAC responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1201 sssd-ifp.5.xml:50 +msgid "allowed_uids (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1204 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1210 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1214 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:1228 +msgid "DOMAIN SECTIONS" +msgstr "RANNOÙ DOMANI" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1235 +msgid "min_id,max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1238 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1250 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1254 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1260 +msgid "enumerate (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1263 +msgid "" +"Determines if a domain can be enumerated. This parameter can have one of the " +"following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1267 +msgid "TRUE = Users and groups are enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1270 +msgid "FALSE = No enumerations for this domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1273 sssd.conf.5.xml:1505 sssd.conf.5.xml:1672 +msgid "Default: FALSE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1276 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1289 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1294 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1302 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1310 +msgid "subdomain_enumerate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1317 +msgid "all" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1318 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1321 +msgid "none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1322 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1313 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1353 +msgid "entry_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1356 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1360 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1373 +msgid "Default: 5400" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1379 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1382 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1386 sssd.conf.5.xml:1399 sssd.conf.5.xml:1412 +#: sssd.conf.5.xml:1425 sssd.conf.5.xml:1438 sssd.conf.5.xml:1452 +#: sssd.conf.5.xml:1466 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1392 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1395 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1405 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1408 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1418 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1421 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1431 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1444 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1447 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1458 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1472 +msgid "refresh_expired_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1475 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1480 +msgid "" +"The background refresh will process users, groups and netgroups in the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1484 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1488 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227 +msgid "Default: 0 (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1494 +msgid "cache_credentials (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1497 +msgid "Determines if user credentials are also cached in the local LDB cache" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1501 +msgid "User credentials are stored in a SHA512 hash, not in plaintext" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1511 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1514 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1521 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1526 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1532 +msgid "account_cache_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1535 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1542 +msgid "Default: 0 (unlimited)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1547 +msgid "pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1558 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1565 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1571 +msgid "id_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1574 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1578 +msgid "<quote>proxy</quote>: Support a legacy NSS provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1581 sssd.conf.5.xml:1718 +msgid "<quote>local</quote>: SSSD internal provider for local users" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1585 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1593 sssd.conf.5.xml:1698 sssd.conf.5.xml:1753 +#: sssd.conf.5.xml:1806 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"FreeIPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 sssd.conf.5.xml:1707 sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1815 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "use_fully_qualified_names (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1621 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1629 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1636 +msgid "Default: FALSE (TRUE if default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1642 +msgid "ignore_group_members (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "Do not return group members for group lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1648 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1666 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1677 +msgid "auth_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1680 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 sssd.conf.5.xml:1746 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1691 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1715 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1722 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1725 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1731 +msgid "access_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1734 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1740 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1743 +msgid "<quote>deny</quote> always deny access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1770 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1777 +msgid "Default: <quote>permit</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1782 +msgid "chpass_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1785 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1790 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1798 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1823 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1827 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1830 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1837 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1840 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1844 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1852 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1856 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1860 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1863 sssd.conf.5.xml:1941 sssd.conf.5.xml:1982 +#: sssd.conf.5.xml:2007 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1867 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1884 +msgid "selinux_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1887 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1893 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1901 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1904 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1910 +msgid "subdomains_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1913 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1919 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1928 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1937 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1948 +msgid "autofs_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1951 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1955 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1970 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1979 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1989 +msgid "hostid_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1992 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1996 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2004 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2017 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +"P<name>[^@\\\\]+)$))</quote> which allows three different styles for " +"user names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2031 +msgid "username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2034 +msgid "username@domain.name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "domain\\username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2045 +msgid "" +"Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +"which translates to \"the name is everything up to the <quote>@</quote> " +"sign, the domain everything after that\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2051 +msgid "" +"PLEASE NOTE: the support for non-unique named subpatterns is not available " +"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " +"version 7 or higher can support non-unique named subpatterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2058 +msgid "" +"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" +"P<name>) to label subpatterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2105 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2111 +msgid "lookup_family_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2114 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2118 +msgid "Supported values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2121 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2124 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2127 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2130 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2133 +msgid "Default: ipv4_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2139 +msgid "dns_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2142 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the DNS " +"resolver before assuming that it is unreachable. If this timeout is reached, " +"the domain will continue to operate in offline mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2148 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263 +#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248 +msgid "Default: 6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2154 +msgid "dns_discovery_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2157 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2161 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2167 +msgid "override_gid (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2170 +msgid "Override the primary GID value with the one specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2176 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2184 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2187 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2193 +msgid "False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2195 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2199 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2202 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2179 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2214 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2220 +msgid "proxy_fast_alias (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2223 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2237 +msgid "subdomain_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2248 +msgid "%F" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2249 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2240 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2254 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2258 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2263 +msgid "realmd_tags (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2266 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2272 +msgid "cached_auth_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2275 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2281 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2285 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1230 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2303 +msgid "proxy_pam_target (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2306 +msgid "The proxy target PAM proxies to." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2309 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2317 +msgid "proxy_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2320 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2299 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" id=" +"\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2332 +msgid "The local domain section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2334 +msgid "" +"This section contains settings for domain that stores users and groups in " +"SSSD native database, that is, a domain that uses " +"<replaceable>id_provider=local</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2341 +msgid "default_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2344 +msgid "The default shell for users created with SSSD userspace tools." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2348 +msgid "Default: <filename>/bin/bash</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2353 +msgid "base_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2356 +msgid "" +"The tools append the login name to <replaceable>base_directory</replaceable> " +"and use that as the home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2361 +msgid "Default: <filename>/home</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2366 +msgid "create_homedir (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2369 +msgid "" +"Indicate if a home directory should be created by default for new users. " +"Can be overridden on command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2373 sssd.conf.5.xml:2385 +msgid "Default: TRUE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2378 +msgid "remove_homedir (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2381 +msgid "" +"Indicate if a home directory should be removed by default for deleted " +"users. Can be overridden on command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2390 +msgid "homedir_umask (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2393 +msgid "" +"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " +"on a newly created home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2401 +msgid "Default: 077" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2406 +msgid "skel_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2409 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2419 +msgid "Default: <filename>/etc/skel</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2424 +msgid "mail_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2427 +msgid "" +"The mail spool directory. This is needed to manipulate the mailbox when its " +"corresponding user account is modified or deleted. If not specified, a " +"default value is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2434 +msgid "Default: <filename>/var/mail</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2439 +msgid "userdel_cmd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2442 +msgid "" +"The command that is run after a user is removed. The command us passed the " +"username of the user being removed as the first and only parameter. The " +"return code of the command is not taken into account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2448 +msgid "Default: None, no command is run" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2458 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131 +#: sssd-ipa.5.xml:717 sssd-ad.5.xml:955 sssd-krb5.5.xml:564 +#: sss_rpcidmapd.5.xml:98 +msgid "EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:2464 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2460 +msgid "" +"The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. If the LDAP server is used only as an identity " +"provider, an encrypted channel is not needed. Please refer to " +"<quote>ldap_access_filter</quote> config option for more information about " +"using LDAP as an access provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 +msgid "CONFIGURATION OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:60 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:63 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:73 +msgid "ldap[s]://<host>[:port]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:76 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:79 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:85 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:88 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:99 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:105 +msgid "ldap_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:108 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:112 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:116 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220 +#: sss_override.8.xml:135 sss_override.8.xml:232 +msgid "Examples:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:129 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:134 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:137 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:158 +msgid "ldap_schema (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:161 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "Four schema types are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:172 +msgid "rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:177 +msgid "rfc2307bis" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:182 +msgid "IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:187 +msgid "AD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:193 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:203 +msgid "Default: rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:209 +msgid "ldap_default_bind_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:212 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:219 +msgid "ldap_default_authtok_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:222 +msgid "The type of the authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:226 +msgid "The two mechanisms currently supported are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:229 +msgid "password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:232 +msgid "obfuscated_password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:235 +msgid "Default: password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:241 +msgid "ldap_default_authtok (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:244 +msgid "" +"The authentication token of the default bind DN. Only clear text passwords " +"are currently supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:251 +msgid "ldap_user_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:254 +msgid "The object class of a user entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "Default: posixAccount" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:263 +msgid "ldap_user_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:266 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:270 +msgid "Default: uid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:276 +msgid "ldap_user_uid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:279 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "Default: uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:289 +msgid "ldap_user_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:292 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:863 +msgid "Default: gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:302 +msgid "ldap_user_gecos (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:305 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:309 +msgid "Default: gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:315 +msgid "ldap_user_home_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:318 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "Default: homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:328 +msgid "ldap_user_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:331 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:335 +msgid "Default: loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:341 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:344 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:889 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:355 +msgid "ldap_user_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:358 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:363 sssd-ldap.5.xml:904 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:370 +msgid "ldap_user_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144 +msgid "Default: modifyTimestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:383 +msgid "ldap_user_shadow_last_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:396 +msgid "Default: shadowLastChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:402 +msgid "ldap_user_shadow_min (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:405 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: shadowMin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_user_shadow_max (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:432 +msgid "Default: shadowMax" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:438 +msgid "ldap_user_shadow_warning (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:441 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:451 +msgid "Default: shadowWarning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:457 +msgid "ldap_user_shadow_inactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:460 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:470 +msgid "Default: shadowInactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:476 +msgid "ldap_user_shadow_expire (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:479 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:489 +msgid "Default: shadowExpire" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:495 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:498 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "Default: krbLastPwdChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:510 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:513 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:519 +msgid "Default: krbPasswordExpiration" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:525 +msgid "ldap_user_ad_account_expires (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:528 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:533 +msgid "Default: accountExpires" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:539 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:542 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:547 +msgid "Default: userAccountControl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:553 +msgid "ldap_ns_account_lock (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:556 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:561 +msgid "Default: nsAccountLock" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:567 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:570 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:574 sssd-ldap.5.xml:588 +msgid "Default: loginDisabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:580 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:583 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:602 +msgid "Default: loginAllowedTimeMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:608 +msgid "ldap_user_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:611 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:615 +msgid "Default: krbPrincipalName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:621 +msgid "ldap_user_extra_attrs (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:624 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:629 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:639 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:649 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:652 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:656 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:659 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:669 +msgid "ldap_user_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:672 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:676 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:682 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:685 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:698 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:701 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:712 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:715 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:721 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:736 +msgid "ldap_user_fullname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:739 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590 +msgid "Default: cn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:749 +msgid "ldap_user_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:752 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:756 +msgid "Default: memberOf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:762 +msgid "ldap_user_authorized_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:765 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:772 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:777 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:784 +msgid "Default: authorizedService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:790 +msgid "ldap_user_authorized_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:793 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:799 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:811 +msgid "Default: host" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:817 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:820 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:824 +msgid "Default: no set in the general case, userCertificate;binary for IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:831 +msgid "ldap_group_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:834 +msgid "The object class of a group entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:837 +msgid "Default: posixGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:843 +msgid "ldap_group_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:846 +msgid "The LDAP attribute that corresponds to the group name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:856 +msgid "ldap_group_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:859 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:869 +msgid "ldap_group_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:872 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:876 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:882 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:885 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:896 +msgid "ldap_group_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:899 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_group_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:924 +msgid "ldap_group_type (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:927 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:938 +msgid "Default: groupType in the AD provider, othewise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:945 +msgid "ldap_group_external_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:948 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:961 +msgid "ldap_group_nesting_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:964 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:980 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:989 +msgid "Default: 2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:995 +msgid "ldap_groups_use_matching_rule_in_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:998 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which may speed up group lookup operations on deployments with " +"complex or deep nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1004 +msgid "" +"In most common cases, it is best to leave this option disabled. It generally " +"only provides a performance increase on very complex nestings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036 +msgid "" +"If this option is enabled, SSSD will use it if it detects that the server " +"supports it during initial connection. So \"True\" here essentially means " +"\"auto-detect\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042 +msgid "" +"Note: This feature is currently known to work only with Active Directory " +"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" +"windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " +"for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048 sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866 include/ldap_id_mapping.xml:244 +msgid "Default: False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1027 +msgid "ldap_initgroups_use_matching_rule_in_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1030 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which might speed up initgroups operations (most notably when " +"dealing with complex or deep nested groups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1057 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1062 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1068 +msgid "ldap_netgroup_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1071 +msgid "The object class of a netgroup entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1074 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1078 +msgid "Default: nisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1084 +msgid "ldap_netgroup_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1087 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1101 +msgid "ldap_netgroup_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1104 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1108 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "Default: memberNisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1118 +msgid "ldap_netgroup_triple (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1121 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1128 +msgid "Default: nisNetgroupTriple" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1134 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1150 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1153 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1156 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1162 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1165 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1175 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1178 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1182 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1188 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1191 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1201 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1206 +msgid "ldap_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1209 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1215 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1227 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1230 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1243 +msgid "ldap_network_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1246 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1269 +msgid "ldap_opt_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1287 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1290 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1304 +msgid "ldap_page_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1307 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1312 +msgid "Default: 1000" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1318 +msgid "ldap_disable_paging (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1321 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1327 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1333 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1345 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1348 +msgid "Disable Active Directory range retrieval." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1351 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1366 +msgid "ldap_sasl_minssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1369 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1375 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1382 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1391 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1395 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1403 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1416 +msgid "ldap_tls_reqcert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1419 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1425 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1429 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1436 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1442 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1448 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1452 +msgid "Default: hard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1458 +msgid "ldap_tls_cacert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1461 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1473 +msgid "ldap_tls_cacertdir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1476 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1491 +msgid "ldap_tls_cert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1504 +msgid "ldap_tls_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "Specifies the file that contains the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1516 +msgid "ldap_tls_cipher_suite (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1519 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1532 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1535 +msgid "" +"Specifies that the id_provider connection must also use <systemitem class=" +"\"protocol\">tls</systemitem> to protect the channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1545 +msgid "ldap_id_mapping (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1548 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1564 +msgid "ldap_min_id, ldap_max_id (interger)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1567 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1579 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1585 +msgid "ldap_sasl_mech (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1588 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI is tested and " +"supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1598 +msgid "ldap_sasl_authid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1601 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI is used, this " +"represents the Kerberos principal used for authentication to the directory. " +"This option can either contain the full principal (for example host/" +"myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1609 +msgid "Default: host/hostname@REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1615 +msgid "ldap_sasl_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1624 +msgid "Default: the value of krb5_realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1630 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1633 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1638 +msgid "Default: false;" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1644 +msgid "ldap_krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "Specify the keytab to use when using SASL/GSSAPI." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1671 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1674 +msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:849 +msgid "Default: 86400 (24 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1719 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462 +msgid "krb5_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1768 +msgid "ldap_pwd_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1781 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1787 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1796 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1804 +msgid "ldap_referrals (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1807 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1811 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1816 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1830 +msgid "ldap_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1833 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 +msgid "Default: ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1843 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1846 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1851 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1857 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1872 +msgid "ldap_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1875 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Example:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1898 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1902 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice-versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972 +msgid "Default: Empty" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_account_expire_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1924 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1928 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1935 +msgid "The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1943 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1950 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1956 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1965 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1978 +msgid "ldap_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1981 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1985 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1988 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1998 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2005 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2022 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2026 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2036 +msgid "" +"The difference between these options is the action taken if user password is " +"expired: pwd_expire_policy_reject - user is denied to log in, " +"pwd_expire_policy_warn - user is still able to log in, " +"pwd_expire_policy_renew - user is prompted to change his password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2044 +msgid "" +"Note If user password is expired no explicit message is prompted by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2048 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2053 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2058 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2062 +msgid "Default: filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2065 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2072 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2075 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2083 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2086 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2092 +msgid "ldap_deref (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2095 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2100 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2104 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2109 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2114 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2119 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2127 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2130 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2134 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2145 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136 +msgid "wildcart_limit (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2160 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2164 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2168 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:51 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2178 +msgid "SUDO OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2180 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2191 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2194 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2197 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2203 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2206 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2216 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2219 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2223 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2229 +msgid "ldap_sudorule_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2232 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2237 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2243 +msgid "ldap_sudorule_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2246 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2250 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2256 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2259 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2263 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2269 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2272 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2276 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2282 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2285 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2289 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2295 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2298 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2302 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2308 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2311 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2316 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2322 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2325 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2329 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2335 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2338 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2343 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2348 +msgid "Default: 21600 (6 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2354 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2357 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest USN " +"of cached rules)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2363 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2373 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2376 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2387 +msgid "ldap_sudo_hostnames (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2390 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2395 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441 +#: sssd-ldap.5.xml:2459 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428 +msgid "Default: not specified" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2411 +msgid "ldap_sudo_ip (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2414 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2419 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2434 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2437 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2452 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2455 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2471 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2481 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2483 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2489 +msgid "ldap_autofs_map_master_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2492 +msgid "The name of the automount master map in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2495 +msgid "Default: auto.master" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2502 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2505 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2508 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2515 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2518 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2521 +msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2529 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2532 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2537 +#, fuzzy +#| msgid "Default: root" +msgid "Default: automount" +msgstr "Dre zoiuer : root" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2544 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2551 +msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2559 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2566 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2487 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2576 +msgid "ADVANCED OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2583 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2588 +msgid "ldap_user_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2593 +msgid "ldap_group_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:2598 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:2600 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no gid mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:2607 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2609 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2614 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2578 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2631 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2637 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:725 sssd-ad.5.xml:963 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 +#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2648 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2650 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2655 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-simple.5.xml:148 sssd-ad.5.xml:978 sssd.8.xml:195 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2672 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" + +#. type: Content of: <refentryinfo> +#: pam_sss.8.xml:8 include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - http://" +"fedorahosted.org/sssd</orgname>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:13 pam_sss.8.xml:18 +msgid "pam_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:19 +msgid "PAM module for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:24 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:54 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:64 +msgid "<option>quiet</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:67 +msgid "Suppress log messages for unknown users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:72 +msgid "<option>forward_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:75 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>use_first_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:93 +msgid "<option>use_authtok</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:96 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>retry=N</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:108 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:117 +msgid "<option>ignore_unknown_user</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:120 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:131 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:138 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:142 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:148 +msgid "" +"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> " +"and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:164 +msgid "MODULE TYPES PROVIDED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:165 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:171 +msgid "FILES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:172 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:177 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:187 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " +"libraries what Realm and which KDC to use. Typically this is done in " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> which is always read by the Kerberos libraries. " +"To simplify the configuration the Realm and the KDC can be defined in " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> as described in <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:48 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> puts the Realm and the name or IP address of the KDC into " +"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " +"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " +"libraries it reads and evaluates these variables and returns them to the " +"libraries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:69 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:78 +msgid "ipa_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:81 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:89 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:92 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:105 +msgid "ipa_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:108 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:116 sssd-ad.5.xml:780 +msgid "dyndns_update (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:119 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA v2 with the IP address of this client. The update is " +"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " +"for the updates, if it is not otherwise specified by using the " +"<quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:128 sssd-ad.5.xml:794 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:133 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:145 sssd-ad.5.xml:805 +msgid "dyndns_ttl (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:148 sssd-ad.5.xml:808 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:153 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Default: 1200 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:165 sssd-ad.5.xml:819 +msgid "dyndns_iface (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 sssd-ad.5.xml:822 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:175 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:185 sssd-ad.5.xml:833 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:191 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160 +msgid "Enables DNS sites - location based service discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example.com" +"\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:217 sssd-ad.5.xml:839 +msgid "dyndns_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:220 sssd-ad.5.xml:842 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:233 sssd-ad.5.xml:855 +msgid "dyndns_update_ptr (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:236 sssd-ad.5.xml:858 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:247 +msgid "Default: False (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:253 sssd-ad.5.xml:869 +msgid "dyndns_force_tcp (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:256 sssd-ad.5.xml:872 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:876 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 sssd-ad.5.xml:882 +msgid "dyndns_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 sssd-ad.5.xml:885 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 sssd-ad.5.xml:890 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:895 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 sssd-ad.5.xml:900 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:290 +msgid "ipa_hbac_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:293 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:297 +msgid "Default: Use base DN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 sssd-ipa.5.xml:329 sssd-ipa.5.xml:348 sssd-ipa.5.xml:367 +#: sssd-ipa.5.xml:386 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ipa.5.xml:315 sssd-ipa.5.xml:334 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:322 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:325 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:341 +msgid "ipa_subdomains_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:344 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:353 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:360 +msgid "ipa_master_domain_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:363 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:372 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:379 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:382 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:391 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:398 sssd-krb5.5.xml:254 +msgid "krb5_validate (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:401 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:408 sssd-ad.5.xml:921 +msgid "" +"Note that this default differs from the traditional Kerberos provider back " +"end." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:433 +msgid "" +"Specifies if the host and user principal should be canonicalized when " +"connecting to IPA LDAP and also for AS requests. This feature is available " +"with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 sssd-krb5.5.xml:416 +msgid "krb5_use_fast (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 sssd-krb5.5.xml:419 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:454 +msgid "<emphasis>never</emphasis> use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:457 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it. This is equivalent to not setting " +"this option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:463 sssd-krb5.5.xml:433 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:468 +msgid "Default: try" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 sssd-krb5.5.xml:444 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:480 sssd-ad.5.xml:928 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 sssd-ad.5.xml:931 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:487 sssd-ad.5.xml:935 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 sssd-ad.5.xml:939 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:498 +msgid "ipa_hbac_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:501 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355 +msgid "Default: 5 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:514 +msgid "ipa_hbac_selinux (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:517 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:530 +msgid "ipa_server_mode (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:533 +msgid "This option should only be set by the IPA installer." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:537 +msgid "" +"The option denotes that the SSSD is running on IPA server and should perform " +"lookups of users and groups from trusted domains differently." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:548 +msgid "ipa_automount_location (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:551 +msgid "The automounter location this IPA client will be using" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:554 +msgid "Default: The location named \"default\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:562 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:571 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:577 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:583 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:586 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:596 +msgid "ipa_overide_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:599 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:602 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:608 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:611 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:615 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:621 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:624 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:632 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:635 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:638 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:641 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:647 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:650 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:655 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:661 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:664 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:669 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:672 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:675 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:680 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:564 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:690 +msgid "SUBDOMAINS PROVIDER" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:692 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:696 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:702 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:719 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:726 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:41 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:45 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:51 +msgid "" +"The AD provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:63 +msgid "" +"However, it is neither necessary nor recommended to set these options. The " +"AD provider can also be used as an access, chpass, sudo and autofs provider. " +"No configuration of the access provider is required on the client side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:75 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " +"and groups using POSIX attributes from trusted domains, the AD administrator " +"must make sure that the POSIX attributes are replicated to the Global " +"Catalog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:82 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:97 +msgid "ad_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:100 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:105 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:110 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:117 +msgid "ad_server, ad_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:120 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:127 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:132 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:140 +msgid "ad_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:143 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the Active Directory domain to identify this " +"host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:149 +msgid "" +"This field is used to determine the host principal in use in the keytab. It " +"must match the hostname for which the keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:157 +msgid "ad_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:164 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:180 +msgid "ad_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:191 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:199 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:207 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:212 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:223 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:233 sssd-ad.5.xml:247 +msgid "Default: Not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:239 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:253 +msgid "ad_enable_gc (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:256 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:264 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:278 +msgid "ad_gpo_access_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:281 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to a particular host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:296 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:309 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:313 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:319 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:325 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "Default: permissive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:339 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:345 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:348 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:361 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:364 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:370 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:384 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:388 sssd-ad.5.xml:479 sssd-ad.5.xml:525 sssd-ad.5.xml:570 +#: sssd-ad.5.xml:636 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:392 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:397 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:402 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:407 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:412 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:417 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:422 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:427 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:432 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:437 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:442 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:451 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:460 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:475 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:466 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:483 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:488 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:497 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:500 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:506 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:521 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:512 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:529 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:534 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:543 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:546 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:552 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:566 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:557 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:574 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:583 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:586 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:605 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:597 sssd-ad.5.xml:667 +msgid "" +"It is possible to add a PAM service name to the default set by using <quote>" +"+service_name</quote>. Since the default set is empty, it is not possible " +"to remove a PAM service name from the default set. For example, in order to " +"add a custom pam service name (e.g. <quote>my_pam_service</quote>), you " +"would use the following configuration: <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:615 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:618 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:632 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:623 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:640 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:645 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:650 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:659 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:662 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:675 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:685 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:688 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:701 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:705 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:710 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:715 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:720 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:725 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:730 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:735 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:741 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:747 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:750 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:756 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: 30 days" +msgstr "Dre ziouer : 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:762 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:765 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expect 2 integers seperated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the inital timeout in seconds before the task is run for the first " +"time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:783 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:813 +msgid "Default: 3600 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:829 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:863 sss_rpcidmapd.5.xml:76 +msgid "Default: True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:909 sssd-krb5.5.xml:505 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:912 sssd-krb5.5.xml:508 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:957 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:964 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:984 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:980 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:990 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:998 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:112 +msgid "" +"When the SSSD is configured to use IPA as the ID provider, the sudo provider " +"is automatically enabled. The sudo search base is configured to use the " +"compat tree (ou=sudoers,$DC)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:119 +msgid "The SUDO rule caching mechanism" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:121 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:129 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:135 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:143 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:159 +msgid "keyword ALL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:164 +msgid "wildcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:169 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:174 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:179 +msgid "one of the IP addresses of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:184 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:190 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>-f</option>,<option>--debug-to-files</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "" +"Send the debug output to files instead of stderr. By default, the log files " +"are stored in <filename>/var/log/sssd</filename> and there are separate log " +"files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:97 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:101 +msgid "Become a daemon after starting up." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:107 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:111 +msgid "Run in the foreground, don't become a daemon." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:117 sss_debuglevel.8.xml:42 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:121 sss_debuglevel.8.xml:46 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:147 +msgid "Signals" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "SIGTERM/SIGINT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:153 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:159 +msgid "SIGHUP" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:162 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:170 +msgid "SIGUSR1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:173 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:182 +msgid "SIGUSR2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:185 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:197 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +#, fuzzy +#| msgid "" +#| "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +#| "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#| "arg>" +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:50 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:52 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:59 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:70 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:78 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:83 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:92 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:97 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:105 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:110 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:116 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:121 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:126 +msgid "original_name:name:uid:gid:gecos:home:shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:138 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:141 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:147 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:152 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:160 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:167 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:175 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:180 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:189 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:194 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:202 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:207 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:213 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:218 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:223 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:235 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:238 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:244 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:249 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:259 +#, fuzzy +#| msgid "OPTIONS" +msgid "COMMON OPTIONS" +msgstr "DIBARZHIOÙ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:261 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:266 +#, fuzzy +#| msgid "" +#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +#| "replaceable>" +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +"replaceable>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_useradd.8.xml:10 sss_useradd.8.xml:15 +msgid "sss_useradd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_useradd.8.xml:16 +msgid "create a new user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_useradd.8.xml:21 +msgid "" +"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_useradd.8.xml:32 +msgid "" +"<command>sss_useradd</command> creates a new user account using the values " +"specified on the command line plus the default values from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:43 sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:48 +msgid "" +"Set the UID of the user to the value of <replaceable>UID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:72 +msgid "" +"The home directory of the user account. The default is to append the " +"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " +"that as the home directory. The base that is prepended before " +"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" +"baseDirectory</quote> setting in sssd.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:87 +msgid "" +"The user's login shell. The default is currently <filename>/bin/bash</" +"filename>. The default can be changed with <quote>user_defaults/" +"defaultShell</quote> setting in sssd.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:96 +msgid "" +"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:101 +msgid "A list of existing groups this user is also a member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:107 +msgid "<option>-m</option>,<option>--create-home</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:111 +msgid "" +"Create the user's home directory if it does not exist. The files and " +"directories contained in the skeleton directory (which can be defined with " +"the -k option or in the config file) will be copied to the home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:121 +msgid "<option>-M</option>,<option>--no-create-home</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:125 +msgid "" +"Do not create the user's home directory. Overrides configuration settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:132 +msgid "" +"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:137 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<command>sss_useradd</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:143 +msgid "" +"Special files (block devices, character devices, named pipes and unix " +"sockets) will not be copied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:147 +msgid "" +"This option is only valid if the <option>-m</option> (or <option>--create-" +"home</option>) option is specified, or creation of home directories is set " +"to TRUE in the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:156 sss_usermod.8.xml:124 +msgid "" +"<option>-Z</option>,<option>--selinux-user</option> " +"<replaceable>SELINUX_USER</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:161 +msgid "" +"The SELinux user for the user's login. If not specified, the system default " +"will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>.k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 +msgid "%h" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108 +msgid "home directory" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:27 +msgid "%P" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:45 +msgid "%%" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:46 +msgid "a literal '%'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_auth_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:257 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:272 +msgid "krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:275 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:279 +msgid "Default: /etc/krb5.keytab" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:285 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:288 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:293 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:306 +msgid "krb5_renewable_lifetime (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:309 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:351 sssd-krb5.5.xml:388 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:320 sssd-krb5.5.xml:354 sssd-krb5.5.xml:391 +msgid "<emphasis>h</emphasis> for hours" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:323 sssd-krb5.5.xml:357 sssd-krb5.5.xml:394 +msgid "<emphasis>d</emphasis> for days." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:326 sssd-krb5.5.xml:397 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:330 sssd-krb5.5.xml:401 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:335 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:341 +msgid "krb5_lifetime (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:344 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:360 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:364 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:369 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:376 +msgid "krb5_renew_interval (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:379 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:406 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:424 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:428 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:438 +msgid "Default: not set, i.e. FAST is not used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "NOTE: a keytab is required to use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:453 +msgid "krb5_fast_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:456 +msgid "Specifies the server principal to use for FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:465 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:514 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:520 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:523 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:535 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:540 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:566 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:574 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 +msgid "sss_groupadd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupadd.8.xml:16 +msgid "create a new group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupadd.8.xml:21 +msgid "" +"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupadd.8.xml:32 +msgid "" +"<command>sss_groupadd</command> creates a new group. These groups are " +"compatible with POSIX groups, with the additional feature that they can " +"contain other groups as members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupadd.8.xml:43 sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupadd.8.xml:48 +msgid "" +"Set the GID of the group to the value of <replaceable>GID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_userdel.8.xml:10 sss_userdel.8.xml:15 +msgid "sss_userdel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_userdel.8.xml:16 +msgid "delete a user account" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_userdel.8.xml:21 +msgid "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_userdel.8.xml:32 +msgid "" +"<command>sss_userdel</command> deletes a user identified by login name " +"<replaceable>LOGIN</replaceable> from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:44 +msgid "<option>-r</option>,<option>--remove</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:48 +msgid "" +"Files in the user's home directory will be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:56 +msgid "<option>-R</option>,<option>--no-remove</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:60 +msgid "" +"Files in the user's home directory will NOT be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:68 +msgid "<option>-f</option>,<option>--force</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:72 +msgid "" +"This option forces <command>sss_userdel</command> to remove the user's home " +"directory and mail spool, even if they are not owned by the specified user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:80 +msgid "<option>-k</option>,<option>--kick</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:84 +msgid "Before actually deleting the user, terminate all his processes." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 +msgid "sss_groupdel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupdel.8.xml:16 +msgid "delete a group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupdel.8.xml:21 +msgid "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupdel.8.xml:32 +msgid "" +"<command>sss_groupdel</command> deletes a group identified by its name " +"<replaceable>GROUP</replaceable> from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 +msgid "sss_groupshow" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupshow.8.xml:16 +msgid "print properties of a group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupshow.8.xml:21 +msgid "" +"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupshow.8.xml:32 +msgid "" +"<command>sss_groupshow</command> displays information about a group " +"identified by its name <replaceable>GROUP</replaceable>. The information " +"includes the group ID number, members of the group and the parent group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupshow.8.xml:43 +msgid "<option>-R</option>,<option>--recursive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupshow.8.xml:47 +msgid "" +"Also print indirect group members in a tree-like hierarchy. Note that this " +"also affects printing parent groups - without <option>R</option>, only the " +"direct parent will be printed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_usermod.8.xml:10 sss_usermod.8.xml:15 +msgid "sss_usermod" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_usermod.8.xml:16 +msgid "modify a user account" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_usermod.8.xml:21 +msgid "" +"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_usermod.8.xml:32 +msgid "" +"<command>sss_usermod</command> modifies the account specified by " +"<replaceable>LOGIN</replaceable> to reflect the changes that are specified " +"on the command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:60 +msgid "The home directory of the user account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:71 +msgid "The user's login shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:82 +msgid "" +"Append this user to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:96 +msgid "" +"Remove this user from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:103 +msgid "<option>-l</option>,<option>--lock</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:107 +msgid "Lock the user account. The user won't be able to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:114 +msgid "<option>-u</option>,<option>--unlock</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:118 +msgid "Unlock the user account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:129 +msgid "The SELinux user for the user's login." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:135 +msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:140 +msgid "Add an attribute/value pair. The format is attrname=value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:147 +msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:152 +msgid "" +"Set an attribute to a name/value pair. The format is attrname=value. For " +"multi-valued attributes, the command replaces the values already present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:160 +msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:165 +msgid "Delete an attribute/value pair. The format is attrname=value." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:42 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:46 +msgid "Invalidate all cached entries except for sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:52 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:57 +msgid "Invalidate specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:63 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:67 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:74 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:79 +msgid "Invalidate specific group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:85 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:89 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:96 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:101 +msgid "Invalidate specific netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:107 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:111 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:118 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:123 +msgid "Invalidate specific service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:129 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:133 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:140 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:145 +msgid "Invalidate specific autofs maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:151 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:155 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:162 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:167 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:173 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:177 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:185 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:190 +msgid "Restrict invalidation process only to a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> changes debug level of SSSD monitor and " +"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " +"running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_debuglevel.8.xml:59 +msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:46 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:53 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:59 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:63 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:77 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:91 +msgid "name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:92 +msgid "user's login name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:95 +msgid "uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:96 +msgid "user ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:99 +msgid "gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:100 +msgid "primary group ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:103 +msgid "gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:104 +msgid "user information, typically full name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:81 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:125 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:117 +msgid "" +"It is possible to add another attribute to this set by using <quote>" +"+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:129 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:139 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:144 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "GWELET IVEZ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" +"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:58 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:51 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:70 +#, no-wrap +msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:63 +msgid "" +"If <quote>PubkeyAgent</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by using the following directive " +"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:85 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92 +msgid "EXIT STATUS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and estabilishes connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 10,001 and going up to " +"2,000,100,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:127 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191 +msgid "Default: 200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:142 +msgid "ldap_idmap_range_max (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:145 +msgid "" +"Specifies the upper bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:149 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:159 +msgid "Default: 2000200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:164 +msgid "ldap_idmap_range_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:167 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:186 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:196 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:199 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:210 +msgid "ldap_idmap_default_domain (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:213 +msgid "Specify the name of the default domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:221 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:224 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:229 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monatomically with each additional domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:234 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:249 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:252 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:256 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:273 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:275 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:284 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:285 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:286 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:287 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:288 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:289 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:291 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:295 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT " +"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain " +"names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 +msgid "Currently supported debug levels:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill the SSSD, but one that indicates that at least one " +"major feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:85 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:89 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:94 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:98 +msgid "<emphasis>Default</emphasis>: 0" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/experimental.xml:1 +msgid "" +"<emphasis> This is an experimental feature, please use http://fedorahosted." +"org/sssd to report any issues. </emphasis>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " +"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:31 +msgid "%o" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:33 +msgid "The original home directory retrieved from the identity provider." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:38 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:40 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:52 +msgid "This option can also be set per-domain." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:57 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:61 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "" --- sssd-1.13.4.orig/src/man/po/ca.po +++ sssd-1.13.4/src/man/po/ca.po @@ -0,0 +1,12487 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# Jordi Mas <jmas@softcatala.org>, 2012 +# Jordi Mas <jmas@softcatala.org>, 2012 +# Jordi Mas <jmas@softcatala.org>, 2014 +# muzzol <muzzol@gmail.com>, 2012 +# muzzol <muzzol@gmail.com>, 2012 +# Robert Antoni Buj i Gelonch, 2013 +# Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>, 2015. #zanata +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 1.12.90\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2016-04-13 16:30+0200\n" +"PO-Revision-Date: 2015-10-18 04:13-0400\n" +"Last-Translator: Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>\n" +"Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/" +"ca/)\n" +"Language: ca\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Zanata 3.8.3\n" + +#. type: Content of: <reference><title> +#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 +#: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 +#: sss_override.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5 +#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 +#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5 +#: sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 +msgid "SSSD Manual pages" +msgstr "Pàgines del manual de l'SSSD" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 +msgid "sss_groupmod" +msgstr "sss_groupmod" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11 +#: sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupmod.8.xml:16 +msgid "modify a group" +msgstr "modifica un grup" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupmod.8.xml:21 +msgid "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>opcions</" +"replaceable></arg> <arg choice='plain'> <replaceable>GRUP</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 +#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 +#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 +#: sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 +#: sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 +#: sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21 +#: sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31 +msgid "DESCRIPTION" +msgstr "DESCRIPCIÓ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupmod.8.xml:32 +msgid "" +"<command>sss_groupmod</command> modifies the group to reflect the changes " +"that are specified on the command line." +msgstr "" +"<command>sss_groupmod</command> modifica el grup per reflectir els canvis " +"que s'especifiquen a la línia d'ordres." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 +#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 +#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 +#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "OPCIONS" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 +msgid "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GRUPS</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:48 +msgid "" +"Append this group to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" +"Afegeix aquest grup als grups especificats amb el paràmetre " +"<replaceable>GRUPS</replaceable>. El paràmetre <replaceable>GRUPS</" +"replaceable> és una llista delimitada per comes dels noms dels grups." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 +msgid "" +"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" +"<option>-r</option>,<option>--remove-group</option> <replaceable>GRUPS</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:62 +msgid "" +"Remove this group from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" +"Suprimeix aquest grup dels grups especificats amb el paràmetre " +"<replaceable>GRUPS</replaceable>." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:10 sssd.conf.5.xml:16 +msgid "sssd.conf" +msgstr "sssd.conf" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 +#: sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 +#: sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +msgid "File Formats and Conventions" +msgstr "Formats i convencions dels fitxers" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:17 +msgid "the configuration file for SSSD" +msgstr "el fitxer de configuració per a l'SSSD" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:21 +msgid "FILE FORMAT" +msgstr "FORMAT DEL FITXER" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:29 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" +"<replaceable>[secció]</replaceable>\n" +"<replaceable>clau</replaceable> = <replaceable>valor</replaceable>\n" +"<replaceable>clau2</replaceable> = <replaceable>valor2,valor3</replaceable>\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:24 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"El fitxer té un estil de sintaxi del tipus ini i està format per seccions i " +"paràmetres. Una secció comença amb el nom de la secció entre claudàtors i " +"continua fins a l'inici de la següent secció. Un exemple de secció amb " +"paràmetres amb un sol valor i amb valors múltiples: <placeholder type=" +"\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:36 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" +"Els tipus de dades que s'utilitzen són cadenes (no necessiten cometes), " +"enters i booleans (amb valors <quote>TRUE/FALSE</quote>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:41 +msgid "" +"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" +"Una línia de comentari comença amb un signe de coixinet (<quote>#</quote>) o " +"un signe de punt i coma (<quote>;</quote>). Els comentaris en línia no " +"estan admesos." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:47 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" +"Totes les seccions poden tenir un paràmetre opcional de " +"<replaceable>descripció</replaceable>. La seva funció tan sols és una " +"etiqueta per a la secció." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:53 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" +"<filename>sssd.conf</filename> ha de ser un fitxer normal, amb root com a " +"propietari i només l'usuari root hi pot llegir o escriure." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:59 +msgid "GENERAL OPTIONS" +msgstr "OPCIONS GENERALS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:61 +msgid "Following options are usable in more than one configuration sections." +msgstr "" +"Les següents opcions es poden utilitzar en més d'una secció de configuració." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:65 +msgid "Options usable in all sections" +msgstr "Opcions que es poden utilitzar en totes les seccions" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:69 +msgid "debug_level (integer)" +msgstr "debug_level (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:73 +msgid "debug_timestamps (bool)" +msgstr "debug_timestamps (booleà)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:76 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" +"Afegeix una marca temporal al registre de depuració. Si el journald està " +"habilitat per enregistrar la depuració de l'SSSD, aleshores s'ignora aquesta " +"opció." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:81 sssd.conf.5.xml:634 sssd.conf.5.xml:1139 +#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464 +#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272 +#: sssd-ad.5.xml:799 sssd-ad.5.xml:918 sssd-krb5.5.xml:499 +msgid "Default: true" +msgstr "Per defecte: true" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:86 +msgid "debug_microseconds (bool)" +msgstr "debug_microseconds (booleà)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:89 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" +"Afegeix els mil·lisegons a les marques temporals als missatges de depuració. " +"Si el journald està habilitat per enregistrar la depuració de l'SSSD, " +"aleshores s'ignora aquesta opció." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:94 sssd.conf.5.xml:1093 sssd.conf.5.xml:2231 +#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558 +#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139 +#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266 +#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 +msgid "Default: false" +msgstr "Per defecte: false" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2189 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:103 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "Opcions que es poden utilitzar a les seccions SERVEI i DOMINI" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:107 +msgid "timeout (integer)" +msgstr "timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:110 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests." +msgstr "" +"El temps d'expiració entre els batecs per aquest servei. S'utilitza per " +"assegurar que el procés età viu i és capaç de respondre a les peticions." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:115 sssd.conf.5.xml:1057 sssd-ldap.5.xml:1410 +#: include/ldap_id_mapping.xml:264 +msgid "Default: 10" +msgstr "Per defecte: 10" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:125 +msgid "SPECIAL SECTIONS" +msgstr "SECCIONS ESPECIALS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:128 +msgid "The [sssd] section" +msgstr "La secció [sssd]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:137 sssd.conf.5.xml:2339 +msgid "Section parameters" +msgstr "Paràmetres de la secció" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:139 +msgid "config_file_version (integer)" +msgstr "config_file_version (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:142 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" +"Indica quina és la sintaxi del fitxer de configuració. La versió 0.6.0 i les " +"posteriors versions de l'SSSD utilitzen la versió 2." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:148 +msgid "services" +msgstr "services" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:151 +msgid "" +"Comma separated list of services that are started when sssd itself starts." +msgstr "" +"Llista de serveis separats per comes que s'inicien quan s'inicia el propi " +"sssd." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:155 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" +"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" +"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>" +msgstr "" +"Serveis admesos: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" +"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" +"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:165 sssd.conf.5.xml:419 +msgid "reconnection_retries (integer)" +msgstr "reconnection_retries (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:168 sssd.conf.5.xml:422 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" +"El nombre de vegades que els serveis haurien d'intentar tornar a connectar " +"en cas de caiguda o reinici del proveïdor de dades abans de donar-se per " +"vençuts" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:173 sssd.conf.5.xml:427 +msgid "Default: 3" +msgstr "Per defecte: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:178 +msgid "domains" +msgstr "domains" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:181 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter described the list of domains in the order you want " +"them to be queried. A domain name should only consist of alphanumeric ASCII " +"characters, dashes, dots and underscores." +msgstr "" +"Un domini és una base de dades que conté la informació de l'usuari. L'SSSD " +"pot utilitzar més d'un domini al mateix temps, però com a mínim se n'ha de " +"configurar un o no s'iniciarà l'SSSD. En aquest paràmetre es descriuen la " +"llista dels dominis en l'ordre que vulgueu que es consultin. Un nom de " +"domini tan sols pot consistir de caràcters alfanumèrics ASCII, guions, punts " +"i guions baixos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:193 sssd.conf.5.xml:2014 +msgid "re_expression (string)" +msgstr "re_expression (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" +"L'expressió regular per defecte que descriu com analitzar la cadena que " +"conté el nom d'usuari i el domini en aquests components." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:201 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN " +"SECTIONS for more info on these regular expressions." +msgstr "" +"Cadascun dels dominis pot tenir una expressió regular configurada de forma " +"individual. Per alguns proveïdors d'id. també hi ha expressions regulars per " +"defecte. Vegeu les SECCIONS DELS DOMINIS per a més informació sobre aquestes " +"expressions regulars." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:210 sssd.conf.5.xml:2065 +msgid "full_name_format (string)" +msgstr "full_name_format (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:213 sssd.conf.5.xml:2068 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" +"Un format compatible amb <citerefentry> <refentrytitle>printf</" +"refentrytitle> <manvolnum>3</manvolnum> </citerefentry>-que descriu com " +"compondre un FQN des dels components del nom d'usuari i del nom del domini." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:224 sssd.conf.5.xml:2079 +msgid "%1$s" +msgstr "%1$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:225 sssd.conf.5.xml:2080 +msgid "user name" +msgstr "nom d'usuari" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:228 sssd.conf.5.xml:2083 +msgid "%2$s" +msgstr "%2$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:231 sssd.conf.5.xml:2086 +msgid "domain name as specified in the SSSD config file." +msgstr "" +"el nom del domini tal com s'especifica al fitxer de configuració de l'SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:237 sssd.conf.5.xml:2092 +msgid "%3$s" +msgstr "%3$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:240 sssd.conf.5.xml:2095 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:221 sssd.conf.5.xml:2076 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"S'admeten les següents ampliacions: <placeholder type=\"variablelist\" id=" +"\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:250 +msgid "" +"Each domain can have an individual format string configured. see DOMAIN " +"SECTIONS for more info on this option." +msgstr "" +"Cadascun dels dominis pot tenir una cadena del format configurada de forma " +"individual. Vegeu les SECCIONS DELS DOMINIS per a més informació sobre " +"aquesta opció." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:256 +msgid "try_inotify (boolean)" +msgstr "try_inotify (booleà)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:259 +msgid "" +"SSSD monitors the state of resolv.conf to identify when it needs to update " +"its internal DNS resolver. By default, we will attempt to use inotify for " +"this, and will fall back to polling resolv.conf every five seconds if " +"inotify cannot be used." +msgstr "" +"L'SSSD monitora l'estat del resolv.conf per identificar quan cal actualitzar " +"el seu traductor intern de DNS. Per defecte, s'intentarà utilitzar inotify " +"per a això i recaurà en sondejar el resolv.conf cada cinc segons si no es " +"pot utilitzar l'inotify." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:267 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" +"Hi ha algunes situacions limitades on es prefereix ignorar fins i tot " +"l'intent d'ús de l'inotify. En aquestes estranyes circumstàncies, s'hauria " +"d'establir aquesta opció a «false»" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:273 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" +"Per defecte: true en les plataformes on està suportat l'inotify. Fals en les " +"altres plataformes." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:277 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" +"Nota: aquesta opció no afectarà les plataformes on l'inotify no està " +"disponible. En aquestes plataformes, sempre s'utilitzarà el sondeig." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:284 +msgid "krb5_rcache_dir (string)" +msgstr "krb5_rcache_dir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:287 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" +"El directori al sistema de fitxers on l'SSSD ha d'emmagatzemar els fitxers " +"cau de repetició del Kerberos." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:291 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" +"Aquesta opció accepta un valor especial __LIBKRB5_DEFAULTS__ que instruirà a " +"l'SSSD per permetre a libkrb5 decidir la ubicació apropiada per a la memòria " +"auxiliar de reproducció." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:297 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" +"Per defecte: Específic de la distribució i s'especifica en temps de " +"construcció. (__LIBKRB5_DEFAULTS__ si no està configurat)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 +msgid "user (string)" +msgstr "user (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:312 +msgid "Default: not set, process will run as root" +msgstr "Per defecte: sense establir, els processos s'executaran com a root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:317 +msgid "default_domain_suffix (string)" +msgstr "default_domain_suffix (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:320 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" +"Aquesta cadena s'utilitzarà un nom de domini per defecte per a tots els noms " +"que no tinguin el component del nom del domini. El cas d'ús principal està " +"als entorns on el domini principal està destinat a la gestió de les " +"polítiques dels amfitrions i tots els usuaris es troben en un domini de " +"confiança. L'opció permet que els usuaris iniciïn la sessió sols amb el seu " +"nom d'usuari sense donar també un nom de domini." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:330 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False." +msgstr "" +"Tingueu en compte que si s'estableix aquesta opció per a tots els usuaris " +"des del domini principal, s'han d'utilitzar el seu FQN, p. ex. usuari@nom." +"domini, per iniciar la sessió. En establir aquesta opció es canvia el " +"predeterminat d'use_fully_qualified_names a True. No està permès l'ús " +"d'aquesta opció juntament amb use_fully_qualified_names establert a False." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498 +#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:609 +#: sssd-ad.5.xml:679 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550 +#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216 +msgid "Default: not set" +msgstr "Per defecte: sense establir" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:344 +msgid "override_space (string)" +msgstr "override_space (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:347 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:356 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:364 +msgid "Default: not set (spaces will not be replaced)" +msgstr "Per defecte: sense establir (no se substituiran els espais)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:369 +#, fuzzy +#| msgid "ldap_user_certificate (string)" +msgid "certificate_verification (string)" +msgstr "ldap_user_certificate (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:377 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:379 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:389 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +#, fuzzy +#| msgid "Default: not set, i.e. service discovery is disabled" +msgid "Default: not set, i.e. do not restrict certificate vertification" +msgstr "" +"Defecte: no definit, és a dir, el descobriment de serveis està inhabilitat" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:130 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" +"Les peces individuals de la funcionalitat de l'SSSD es proporcionen amb " +"serveis especials que s'inicien i s'aturen juntament amb l'SSSD. Els " +"serveis es gestionen amb un servei especial anomenat <quote>monitor</quote>. " +"La secció <quote>[sssd]</quote> s'utilitza per configurar el monitor així " +"com altres opcions importants com els dominis d'identitats. <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:404 +msgid "SERVICES SECTIONS" +msgstr "SECCIONS DELS SERVEIS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:406 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" +"Ajustos que es poden utilitzar per configurar diferents serveis que es " +"descriuen en aquesta secció. Han de residir a la secció [<replaceable>$Nom</" +"replaceable>], per exemple, per a servei NSS, la secció seria <quote>[nss]</" +"quote>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:413 +msgid "General service configuration options" +msgstr "Opcions de configuració del servei general" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:415 +msgid "These options can be used to configure any service." +msgstr "Es poden utilitzar aquestes opcions per configurar qualsevol servei." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:432 +msgid "fd_limit" +msgstr "fd_limit" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:435 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:444 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:449 +msgid "client_idle_timeout" +msgstr "client_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:452 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:459 sssd.conf.5.xml:475 sssd.conf.5.xml:507 +#: sssd.conf.5.xml:765 sssd.conf.5.xml:957 sssd.conf.5.xml:1347 +#: sssd-ldap.5.xml:1237 +msgid "Default: 60" +msgstr "Per defecte: 60" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:464 sssd.conf.5.xml:1336 +msgid "force_timeout (integer)" +msgstr "force_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:467 sssd.conf.5.xml:1339 +msgid "" +"If a service is not responding to ping checks (see the <quote>timeout</" +"quote> option), it is first sent the SIGTERM signal that instructs it to " +"quit gracefully. If the service does not terminate after " +"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " +"by sending a SIGKILL signal." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:480 +msgid "offline_timeout (integer)" +msgstr "offline_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:483 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. This " +"value is in seconds and calculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:490 +msgid "offline_timeout + random_offset" +msgstr "offline_timeout + random_offset" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "" +"The random offset can increment up to 30 seconds. After each unsuccessful " +"attempt to go online, the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:498 +msgid "new_interval = old_interval*2 + random_offset" +msgstr "new_interval = old_interval*2 + random_offset" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"Note that the maximum length of each interval is currently limited to one " +"hour. If the calculated length of new_interval is greater than an hour, it " +"will be forced to one hour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:512 +msgid "subdomain_inherit (string)" +msgstr "subdomain_inherit (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:515 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:521 +msgid "ignore_group_members" +msgstr "ignore_group_members" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:524 +msgid "ldap_purge_cache_timeout" +msgstr "ldap_purge_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:527 sssd-ldap.5.xml:1054 +msgid "ldap_use_tokengroups" +msgstr "ldap_use_tokengroups" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "ldap_user_principal" +msgstr "ldap_user_principal" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:535 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:533 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "Exemple: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:539 sssd.conf.5.xml:1001 sssd.conf.5.xml:1026 +#: sssd.conf.5.xml:1045 sssd.conf.5.xml:1330 sssd-ldap.5.xml:1793 +msgid "Default: none" +msgstr "Per defecte: none" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:547 +msgid "NSS configuration options" +msgstr "Opcions de configuració de l'NSS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:549 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" +"Es poden utilitzar aquestes opcions per configurar el servei del NSS (Name " +"Service Switch)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "enum_cache_timeout (integer)" +msgstr "enum_cache_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:557 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" +"El número de segons que nss_sss emmagatzema a la meòria cau les enumeracions " +"(peticions d'informació sobre tots els usuaris)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:561 +msgid "Default: 120" +msgstr "Per defecte: 120" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:566 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "entry_cache_nowait_percentage (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:569 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" +"El valor de la memòria cau es pot establir per actualitzar a automàticament " +"les entrades en rerefons, si se sol·liciten més enllà d'un percentatge del " +"valor entry_cache_timeout per al domini." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:575 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" +"Per exemple, si s'estableix entry_cache_timeout del domini a 30 s i " +"entry_cache_nowait_percentage està establert a 50 (per cent), les entrades " +"que arriben després de 15 segons més enllà de l'última actualització de la " +"memòria cau es retornaran immediatament, però l'SSSD anirà actualitzant la " +"memòria cau pel seu propi compte, de manera que no caldrà bloquejar les " +"peticions que esperen per a una actualització de la memòria cau." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:585 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" +"Els valors vàlids per a aquesta opció són 0-99 i representen un percentatge " +"de la entry_cache_timeout per a cada domini. Per raons de rendiment, aquest " +"percentatge mai reduirà el temps d'espera de nowait a menys de 10 segons. " +"(0 desactiva aquesta característica)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:593 +msgid "Default: 50" +msgstr "Per defecte: 50" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:598 +msgid "entry_negative_timeout (integer)" +msgstr "entry_negative_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:601 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"Especifica quants segons nss_sss hauria d'emmagatzemar els intents de la " +"memòria cau negatius (és a dir, consultes per a les entrades incorrectes de " +"la base de dades, com les inexistents) abans de preguntar al rerefons una " +"altra vegada." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:607 sssd.conf.5.xml:1117 +msgid "Default: 15" +msgstr "Per defecte: 15" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:612 +msgid "filter_users, filter_groups (string)" +msgstr "filter_users, filter_groups (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:615 +msgid "" +"Exclude certain users from being fetched from the sss NSS database. This is " +"particularly useful for system accounts. This option can also be set per-" +"domain or include fully-qualified names to filter only users from the " +"particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:622 +msgid "Default: root" +msgstr "Per defecte: root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:627 +msgid "filter_users_in_groups (bool)" +msgstr "filter_users_in_groups (booleà)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:630 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" +"Si voleu que els usuaris filtrats encara siguin membres del grup establiu " +"aquesta opció a false." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:641 +msgid "fallback_homedir (string)" +msgstr "fallback_homedir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:644 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" +"Estableix una plantilla predeterminada per al directori inicial de l'usuari " +"si no se n'especifica cap explícitament amb el proveïdor de dades del domini." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:649 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" +"Els valors disponibles per aquesta opció són els mateixos que per " +"override_homedir." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:655 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" +"fallback_homedir = /home/%u\n" +" " + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:653 sssd.conf.5.xml:1020 sssd.conf.5.xml:1039 +#: sssd-krb5.5.xml:533 include/override_homedir.xml:55 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "exemple: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:659 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" +"Per defecte: sense establir (cap substitució per als directoris inicials no " +"establerts)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:665 +msgid "override_shell (string)" +msgstr "override_shell (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:668 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" +"Substitueix el shell d'inici de sessió per a tots els usuaris. Aquesta opció " +"substitueix qualsevol de les altres opcions del shell si entra en vigor i es " +"pot configurar ja sigui en la secció [nss] o per cada domini." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:674 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" +"Per defecte: sense establir (SSSD utilitzarà el valor recuperat del LDAP)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:680 +msgid "allowed_shells (string)" +msgstr "allowed_shells (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:683 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" +"Restringeix el shell de l'usuari a un dels valors llistats. L'ordre " +"d'avaluació és:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:686 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "1. Si el shell està present al <quote>/etc/shells</quote>, s'utilitza." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:690 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:695 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:703 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:710 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:713 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:717 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:722 +msgid "vetoed_shells (string)" +msgstr "vetoed_shells (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:725 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:730 +msgid "shell_fallback (string)" +msgstr "shell_fallback (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:733 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "Default: /bin/sh" +msgstr "Per defecte: /bin/sh" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +msgid "default_shell" +msgstr "default_shell" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:745 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:751 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:758 sssd.conf.5.xml:950 +msgid "get_domains_timeout (int)" +msgstr "get_domains_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:761 sssd.conf.5.xml:953 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:770 +msgid "memcache_timeout (int)" +msgstr "memcache_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:773 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:777 sssd-ldap.5.xml:706 +msgid "Default: 300" +msgstr "Per defecte: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:780 +#, fuzzy +#| msgid "" +#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +#| "applications will not use the fast in memory cache." +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" +"Si la variable d'entorn SSS_NSS_USE_MEMCACHE està establerta a \"NO\", les " +"aplicacions clients no utilitzaran el fast en la memòria cau." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:788 sssd-ifp.5.xml:74 +msgid "user_attributes (string)" +msgstr "user_attributes (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:791 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:804 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:816 +msgid "PAM configuration options" +msgstr "Opcions de configuració del PAM" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:818 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" +"Es poden utilitzar aquestes opcions per configurar el servei del PAM " +"(Pluggable Authentication Module)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:823 +msgid "offline_credentials_expiration (integer)" +msgstr "offline_credentials_expiration (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" +"Si el proveïdor d'autenticació està fora de línia, quant de temps s'haurien " +"de permetre inicis de sessió de la memòria cau (en dies des de l'últim inici " +"de sessió)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:831 sssd.conf.5.xml:844 +msgid "Default: 0 (No limit)" +msgstr "Per defecte: 0 (sense límit)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:837 +msgid "offline_failed_login_attempts (integer)" +msgstr "offline_failed_login_attempts (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:840 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" +"Si el proveïdor d'autenticació està fora de línia, quants intents d'accés " +"fallits es permet." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:850 +msgid "offline_failed_login_delay (integer)" +msgstr "offline_failed_login_delay (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:853 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" +"El temps en minuts que ha de passar després que s'ha assolit " +"offline_failed_login_attempts abans que un nou intent de connexió sigui " +"possible." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:864 sssd.conf.5.xml:917 +msgid "Default: 5" +msgstr "Per defecte: 5" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:870 +msgid "pam_verbosity (integer)" +msgstr "pam_verbosity (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:873 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" +"Controla quin tipus de missatges es mostren a l'usuari durant " +"l'autenticació. Com més gran sigui el nombre més missatges es mostren." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "Currently sssd supports the following values:" +msgstr "L'sssd actualment admet els següents valors:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:881 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "<emphasis>0</emphasis>: no mostris cap missatge" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "<emphasis>1</emphasis>: Mostra només missatges importants" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:888 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "<emphasis>2</emphasis>: Mostra missatges informatius" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:891 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" +"<emphasis>3</emphasis>: Mostra tots els missatges i informació de depuració" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:895 sssd.8.xml:63 +msgid "Default: 1" +msgstr "Per defecte: 1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:900 +msgid "pam_id_timeout (integer)" +msgstr "pam_id_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:903 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" +"Per a qualsevol petició de PAM mentre és en línia, l'SSSD intentarà " +"actualitzar immediatament la informació d'identitat en memòria cau per a " +"l'usuari per tal de garantir que l'autenticació es porta a terme amb " +"l'última informació." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" +"Una conversa completa de PAM pot realitzar múltiples peticions de PAM, com " +"ara la gestió del compte i la sessió d'inici. Aquesta opció controla (en " +"funció d'una aplicació client) quant de temps (en segons) es pot " +"emmagatzemar en memòria cau la informació d'identitat per evitar peticions " +"excessives al proveïdor d'identitat." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:923 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "pam_pwd_expiration_warning (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:926 sssd.conf.5.xml:1550 +msgid "Display a warning N days before the password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:929 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:935 sssd.conf.5.xml:1553 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:940 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 sssd.conf.5.xml:2291 sssd.8.xml:79 +msgid "Default: 0" +msgstr "Per defecte: 0" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:962 +msgid "pam_trusted_users (string)" +msgstr "pam_trusted_users (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:965 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAM responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:971 +msgid "Default: all (All users are allowed to access the PAM responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:975 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:982 +msgid "pam_public_domains (string)" +msgstr "pam_public_domains (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:985 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:989 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:993 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:997 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1006 +msgid "pam_account_expired_message (string)" +msgstr "pam_account_expired_message (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1009 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbostiy is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1022 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1031 +#, fuzzy +#| msgid "pam_account_expired_message (string)" +msgid "pam_account_locked_message (string)" +msgstr "pam_account_expired_message (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1041 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1050 +#, fuzzy +#| msgid "pam_id_timeout (integer)" +msgid "p11_child_timeout (integer)" +msgstr "pam_id_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1053 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1066 +msgid "SUDO configuration options" +msgstr "Opcions de configuració de SUDO" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1068 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Es poden utilitzar aquestes opcions per configurar el servei del sudo. Les " +"instruccions detallades per la configuració del <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"perquè funcioni amb <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> estan en la pàgina del manual " +"<citerefentry> <refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1085 +msgid "sudo_timed (bool)" +msgstr "sudo_timed (booleà)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1088 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1101 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1103 +msgid "These options can be used to configure the autofs service." +msgstr "" +"Es poden utilitzar aquestes opcions per configurar el servei de l'autofs." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1107 +msgid "autofs_negative_timeout (integer)" +msgstr "autofs_negative_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1126 +msgid "SSH configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1128 +msgid "These options can be used to configure the SSH service." +msgstr "Es poden utilitzar aquestes opcions per configurar el servei de l'SSH." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1132 +msgid "ssh_hash_known_hosts (bool)" +msgstr "ssh_hash_known_hosts (booleà)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1135 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1144 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "ssh_known_hosts_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1147 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1151 +msgid "Default: 180" +msgstr "Per defecte: 180" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1156 +#, fuzzy +#| msgid "mail_dir (string)" +msgid "ca_db (string)" +msgstr "mail_dir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1159 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1164 +#, fuzzy +#| msgid "Default: /etc/krb5.keytab" +msgid "Default: /etc/pki/nssdb" +msgstr "Per defecte: /etc/krb5.keytab" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1172 +msgid "PAC responder configuration options" +msgstr "Opcions de configuració del contestador del PAC." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1174 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. " +"If the PAC is decoded and evaluated some of the following operations are " +"done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1183 +msgid "" +"If the remote user does not exist in the cache, it is created. The uid is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"gid will have the same value as the uid. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1191 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1197 +msgid "These options can be used to configure the PAC responder." +msgstr "" +"Es poden utilitzar aquestes opcions per configurar el contestador del PAC." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1201 sssd-ifp.5.xml:50 +msgid "allowed_uids (string)" +msgstr "allowed_uids (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1204 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1210 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1214 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:1228 +msgid "DOMAIN SECTIONS" +msgstr "SECCIONS DE DOMINI" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1235 +msgid "min_id,max_id (integer)" +msgstr "min_id, max_id (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1238 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" +"Els límits UID i GID per al domini. Si un domini conté una entrada que està " +"fora d'aquests límits, s'ignora." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" +"Per a usuaris, això afecta el límit del GID primari. L'usuari no es " +"retornarà a l'NSS si l'UID o el GID primari és fora de l'interval. Per als " +"membres dels grups secundaris, els que estan dins l'interval es comunicaran " +"com s'esperava." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1250 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1254 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "Per defecte: 1 per a min_id, 0 (sense límit) per a max_id" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1260 +msgid "enumerate (bool)" +msgstr "enumerate (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1263 +msgid "" +"Determines if a domain can be enumerated. This parameter can have one of the " +"following values:" +msgstr "" +"Determina si un domini pot ser enumerat. Aquest paràmetre pot tenir un dels " +"valors següents:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1267 +msgid "TRUE = Users and groups are enumerated" +msgstr "TRUE = Els usuaris i grups s'enumeren" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1270 +msgid "FALSE = No enumerations for this domain" +msgstr "FALSE = Cap enumeració per a aquest domini" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1273 sssd.conf.5.xml:1505 sssd.conf.5.xml:1672 +msgid "Default: FALSE" +msgstr "Per defecte: FALSE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1276 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1289 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" +"Mentre s'està executant la primera enumeració, les peticions de llistes " +"completes d'usuaris o grups poden no retornar cap resultat fins que aquest " +"finalitzi." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1294 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" +"A més a més, permetre l'enumeració pot augmentar el temps necessari detectar " +"desconnexions de xarxa, ja que temps d'espera més llargs són necessaris per " +"assegurar-se que les cerques de l'enumeració s'han completat amb èxit. Per " +"a més informació, aneu a les pàgines de manual de l'id_provider específic en " +"ús." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1302 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1310 +msgid "subdomain_enumerate (string)" +msgstr "subdomain_enumerate (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1317 +msgid "all" +msgstr "all" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1318 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1321 +msgid "none" +msgstr "none" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1322 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1313 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1353 +msgid "entry_cache_timeout (integer)" +msgstr "entry_cache_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1356 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" +"Quants segons el nss_sss hauria de considerar les entrades vàlides abans de " +"demanar al rerefons una altra vegada" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1360 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1373 +msgid "Default: 5400" +msgstr "Per defecte: 5400" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1379 +msgid "entry_cache_user_timeout (integer)" +msgstr "entry_cache_user_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1382 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1386 sssd.conf.5.xml:1399 sssd.conf.5.xml:1412 +#: sssd.conf.5.xml:1425 sssd.conf.5.xml:1438 sssd.conf.5.xml:1452 +#: sssd.conf.5.xml:1466 +msgid "Default: entry_cache_timeout" +msgstr "Per defecte: entry_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1392 +msgid "entry_cache_group_timeout (integer)" +msgstr "entry_cache_group_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1395 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1405 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "entry_cache_netgroup_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1408 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1418 +msgid "entry_cache_service_timeout (integer)" +msgstr "entry_cache_service_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1421 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1431 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "entry_cache_sudo_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1444 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "entry_cache_autofs_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1447 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1458 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "entry_cache_ssh_host_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1472 +msgid "refresh_expired_interval (integer)" +msgstr "refresh_expired_interval (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1475 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1480 +msgid "" +"The background refresh will process users, groups and netgroups in the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1484 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1488 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227 +msgid "Default: 0 (disabled)" +msgstr "Per defecte: 0 (inhabilitat)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1494 +msgid "cache_credentials (bool)" +msgstr "cache_credentials (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1497 +msgid "Determines if user credentials are also cached in the local LDB cache" +msgstr "" +"Determina si les credencials d'usuari també són emmagatzemades en la memòria " +"cau local de LDB" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1501 +msgid "User credentials are stored in a SHA512 hash, not in plaintext" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1511 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1514 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1521 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1526 +msgid "Default: 8" +msgstr "Per defecte: 8" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1532 +msgid "account_cache_expiration (integer)" +msgstr "account_cache_expiration (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1535 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" +"Nombre de dies que les entrades es queden a la memòria cau després del " +"darrer inici de sessió vàlid abans de ser eliminat durant una neteja de la " +"memòria cau. 0 significa mantenir per sempre. El valor d'aquest paràmetre " +"ha de ser superior o igual que offline_credentials_expiration." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1542 +msgid "Default: 0 (unlimited)" +msgstr "Per defecte: 0 (sense límit)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1547 +msgid "pwd_expiration_warning (integer)" +msgstr "pwd_expiration_warning (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1558 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1565 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "Per defecte: 7 (Kerberos), 0 (LDAP)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1571 +msgid "id_provider (string)" +msgstr "id_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1574 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1578 +msgid "<quote>proxy</quote>: Support a legacy NSS provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1581 sssd.conf.5.xml:1718 +msgid "<quote>local</quote>: SSSD internal provider for local users" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1585 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1593 sssd.conf.5.xml:1698 sssd.conf.5.xml:1753 +#: sssd.conf.5.xml:1806 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"FreeIPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 sssd.conf.5.xml:1707 sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1815 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "use_fully_qualified_names (bool)" +msgstr "use_fully_qualified_names (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1621 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" +"Si s'estableix a TRUE, totes les peticions a aquest domini han d'utilitzar " +"noms de domini qualificats. Per exemple, si s'utilitza a un domini LOCAL que " +"conté un usuari \"test\", <command>getent passwd test</command> no trobaria " +"l'usuari mentre que <command>getent passwd test@LOCAL</command> sí." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1629 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1636 +msgid "Default: FALSE (TRUE if default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1642 +msgid "ignore_group_members (bool)" +msgstr "ignore_group_members (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "Do not return group members for group lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1648 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1666 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1677 +msgid "auth_provider (string)" +msgstr "auth_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1680 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" +"El proveïdor d'autenticació utilitzat per al domini. Els proveïdors " +"d'autenticació suportats són:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 sssd.conf.5.xml:1746 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> per autenticació nativa LDAP. Vegeu " +"<citerefentry><refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> per a més informació sobre configuració d'LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1691 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> per a l'autenticació Kerberos. Vegeu " +"<citerefentry><refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> per a més informació sobre configurar Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1715 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" +"<quote>proxy</quote> per a l'autenticació reenviada a algun altre objectiu " +"de PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1722 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "<quote>none</quote> impossibilita l'autenticació explícitament." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1725 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" +"Per defecte: <quote>id_provider</quote> s'utilitza si s'ha establert i pot " +"gestionar les sol·licituds d'autenticació." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1731 +msgid "access_provider (string)" +msgstr "access_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1734 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" +"El proveïdor d'accés de control utilitzat per al domini. Hi ha dos " +"proveïdors d'accés incorporats (a més de qualsevol dels rerefons " +"instal·lats) Els proveïdors especials interns són:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1740 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1743 +msgid "<quote>deny</quote> always deny access." +msgstr "<quote>deny</quote> sempre denega l'accés." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1770 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" +"<quote>simple</quote> control d'accés basat en llistes d'acceptació o " +"denegació. Vegeu <citerefentry><refentrytitle>sssd-simple</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> per a més informació sobre la " +"configuració del mòdul d'accés simple." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1777 +msgid "Default: <quote>permit</quote>" +msgstr "Per defecte: <quote>permit</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1782 +msgid "chpass_provider (string)" +msgstr "chpass_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1785 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" +"El proveïdor que hauria de gestionar les operacions de canvi contrasenya per " +"al domini. Els proveïdors de canvi de contrasenya compatibles són:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1790 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> per canviar una contrasenya emmagatzemada en un servidor " +"LDAP. Vegeu <citerefentry><refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> per a més informació sobre " +"configuració d'LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1798 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> per canviar la contrasenya Kerberos. Vegeu " +"<citerefentry><refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> per a més informació sobre configurar Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1823 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" +"<quote>proxy</quote> per al canvi de contrasenya reenviat a algun altre " +"objectiu PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1827 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "<quote>none</quote> rebutja els canvis de contrasenya explícitament." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1830 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" +"Per defecte: <quote>auth_provider</quote> s'utilitza si s'ha establert i pot " +"gestionar peticions de canvi de contrasenya." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1837 +msgid "sudo_provider (string)" +msgstr "sudo_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1840 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1844 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1852 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1856 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1860 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1863 sssd.conf.5.xml:1941 sssd.conf.5.xml:1982 +#: sssd.conf.5.xml:2007 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1867 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1884 +msgid "selinux_provider (string)" +msgstr "selinux_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1887 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1893 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1901 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1904 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1910 +msgid "subdomains_provider (string)" +msgstr "subdomains_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1913 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1919 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1928 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1937 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1948 +msgid "autofs_provider (string)" +msgstr "autofs_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1951 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1955 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1970 +#, fuzzy +#| msgid "" +#| "<quote>ldap</quote> to change a password stored in a LDAP server. See " +#| "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> for more information on configuring LDAP." +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" +"<quote>ldap</quote> per canviar una contrasenya emmagatzemada en un servidor " +"LDAP. Vegeu <citerefentry><refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> per a més informació sobre " +"configuració d'LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1979 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1989 +msgid "hostid_provider (string)" +msgstr "hostid_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1992 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1996 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2004 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2017 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +"P<name>[^@\\\\]+)$))</quote> which allows three different styles for " +"user names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2031 +msgid "username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2034 +msgid "username@domain.name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "domain\\username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2045 +msgid "" +"Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +"which translates to \"the name is everything up to the <quote>@</quote> " +"sign, the domain everything after that\"" +msgstr "" +"Per defecte: <quote>(?P<nom>[^@]+)@?(?P<domini>[^@]*$)</quote> " +"que es tradueix per \"el nom és tot el que hi ha fins al símbol <quote>@</" +"quote> , el domini és tot el que hi ha després\"" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2051 +msgid "" +"PLEASE NOTE: the support for non-unique named subpatterns is not available " +"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " +"version 7 or higher can support non-unique named subpatterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2058 +msgid "" +"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" +"P<name>) to label subpatterns." +msgstr "" +"ATENCIÓ SI US PLAU: una versió més antiga de libpcre només suporta la " +"sintaxi Python (?P <name>) a l'etiqueta subpatterns." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2105 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "Per defecte: <quote>%1$s@%2$s</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2111 +msgid "lookup_family_order (string)" +msgstr "lookup_family_order (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2114 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" +"Proporciona la capacitat de seleccionar la família d'adreces preferida en " +"realitzar cerques de DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2118 +msgid "Supported values:" +msgstr "Valors admesos:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2121 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "ipv4_first: Intenta resoldre l'adreça IPv4, si falla, intenta IPv6" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2124 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "ipv4_only: Intenta resoldre només noms màquina a adreces IPv4." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2127 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "ipv6_first: Intenta resoldre l'adreça IPv6, si falla, intenta IPv4" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2130 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "ipv6_only: Intenta resoldre només noms màquina a adreces IPv6." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2133 +msgid "Default: ipv4_first" +msgstr "Per defecte: ipv4_first" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2139 +msgid "dns_resolver_timeout (integer)" +msgstr "dns_resolver_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2142 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the DNS " +"resolver before assuming that it is unreachable. If this timeout is reached, " +"the domain will continue to operate in offline mode." +msgstr "" +"Defineix la quantitat de temps (en segons) per esperar per una resposta de " +"la resolució de DNS abans d'assumir que és inaccessible. Si s'arriba a " +"aquest temps d'espera, el domini seguirà operant en el mode fora de línia." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2148 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263 +#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248 +msgid "Default: 6" +msgstr "Per defecte: 6" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2154 +msgid "dns_discovery_domain (string)" +msgstr "dns_discovery_domain (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2157 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" +"Si el servei de descobriment s'utilitza en el rerefons, especifica la part " +"del domini de la consulta DNS del servei de descobriment." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2161 +msgid "Default: Use the domain part of machine's hostname" +msgstr "Per defecte: Utilitza la part del domini del nom de màquina" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2167 +msgid "override_gid (integer)" +msgstr "override_gid (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2170 +msgid "Override the primary GID value with the one specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2176 +msgid "case_sensitive (string)" +msgstr "case_sensitive (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2184 +msgid "True" +msgstr "True" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2187 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2193 +msgid "False" +msgstr "False" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2195 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2199 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2202 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2179 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2214 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2220 +msgid "proxy_fast_alias (boolean)" +msgstr "proxy_fast_alias (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2223 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2237 +msgid "subdomain_homedir (string)" +msgstr "subdomain_homedir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2248 +msgid "%F" +msgstr "%F" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2249 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2240 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2254 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2258 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "Per defecte: <filename>/home/%d/%u</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2263 +msgid "realmd_tags (string)" +msgstr "realmd_tags (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2266 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2272 +#, fuzzy +#| msgid "memcache_timeout (int)" +msgid "cached_auth_timeout (int)" +msgstr "memcache_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2275 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2281 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2285 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1230 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Aquestes opcions de configuració poden ser presents a una secció de " +"configuració de domini anomenada <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2303 +msgid "proxy_pam_target (string)" +msgstr "proxy_pam_target (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2306 +msgid "The proxy target PAM proxies to." +msgstr "El servidor intermediari on reenvia PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2309 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here." +msgstr "" +"Per defecte: No està establit per defecte, heu de prendre una configuració " +"de pam existent o crear-ne una de nova i afegir aquí el nom del servei." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2317 +msgid "proxy_lib_name (string)" +msgstr "proxy_lib_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2320 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" +"El nom de la biblioteca NSS per utilitzar als dominis del servidor " +"intermediari. Les funcions NSS que se cerquen a la biblioteca tenen el " +"format _nss_$(libName)_$(function), per exemple _nss_files_getpwent." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2299 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" id=" +"\"0\"/>" +msgstr "" +"Opcions vàlides per als dominis del servidor intermediari. <placeholder type=" +"\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2332 +msgid "The local domain section" +msgstr "La secció del domini local" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2334 +msgid "" +"This section contains settings for domain that stores users and groups in " +"SSSD native database, that is, a domain that uses " +"<replaceable>id_provider=local</replaceable>." +msgstr "" +"Aquesta secció conté paràmetres per a dominis que emmagatzemen els usuaris i " +"grups a la base de dades SSSD nadiu de, és a dir, un domini que utilitza " +"<replaceable>id_provider = local</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2341 +msgid "default_shell (string)" +msgstr "default_shell (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2344 +msgid "The default shell for users created with SSSD userspace tools." +msgstr "" +"El shell predeterminat per als usuaris que es creen amb eines de l'espai " +"d'usuari de l'SSSD." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2348 +msgid "Default: <filename>/bin/bash</filename>" +msgstr "Per defecte: <filename>/bin/bash</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2353 +msgid "base_directory (string)" +msgstr "base_directory (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2356 +msgid "" +"The tools append the login name to <replaceable>base_directory</replaceable> " +"and use that as the home directory." +msgstr "" +"Les eines concatenen el nom d'usuari a <replaceable>base_directory</" +"replaceable> i utilitzen aquest com el directori inicial." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2361 +msgid "Default: <filename>/home</filename>" +msgstr "Per defecte: <filename>/home</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2366 +msgid "create_homedir (bool)" +msgstr "create_homedir (booleà)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2369 +msgid "" +"Indicate if a home directory should be created by default for new users. " +"Can be overridden on command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2373 sssd.conf.5.xml:2385 +msgid "Default: TRUE" +msgstr "Per defecte: TRUE" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2378 +msgid "remove_homedir (bool)" +msgstr "remove_homedir (booleà)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2381 +msgid "" +"Indicate if a home directory should be removed by default for deleted " +"users. Can be overridden on command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2390 +msgid "homedir_umask (integer)" +msgstr "homedir_umask (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2393 +msgid "" +"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " +"on a newly created home directory." +msgstr "" +"Utilitzat per <citerefentry><refentrytitle>sss_useradd</refentrytitle> " +"<manvolnum>8</manvolnum></citerefentry> per especificar els permisos per " +"defecte en un directori inicial acabat de crear." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2401 +msgid "Default: 077" +msgstr "Per defecte: 077" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2406 +msgid "skel_dir (string)" +msgstr "skel_dir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2409 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>" +msgstr "" +"El directori esquemàtic que conté els fitxers i els directoris per copiar al " +"directori inicial, quan el directori inicial de l'usuari es crea amb " +"<citerefentry><refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2419 +msgid "Default: <filename>/etc/skel</filename>" +msgstr "Per defecte: <filename>/etc/skel</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2424 +msgid "mail_dir (string)" +msgstr "mail_dir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2427 +msgid "" +"The mail spool directory. This is needed to manipulate the mailbox when its " +"corresponding user account is modified or deleted. If not specified, a " +"default value is used." +msgstr "" +"El directori de gestió de cues del correu. Aquest és necessari per manipular " +"la bústia de correu quan el compte d'usuari corresponent és modificat o " +"suprimit. Si no s'especifica, s'utilitzarà un valor per defecte." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2434 +msgid "Default: <filename>/var/mail</filename>" +msgstr "Per defecte: <filename>/var/correu</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2439 +msgid "userdel_cmd (string)" +msgstr "userdel_cmd (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2442 +msgid "" +"The command that is run after a user is removed. The command us passed the " +"username of the user being removed as the first and only parameter. The " +"return code of the command is not taken into account." +msgstr "" +"L'ordre que s'executa després d'eliminar un usuari. L'ordre passa el nom " +"d'usuari com el primer i únic paràmetre. El codi de retorn de l'ordre no es " +"té en compte." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2448 +msgid "Default: None, no command is run" +msgstr "Per defecte: Cap, no s'executa cap comanda" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2458 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131 +#: sssd-ipa.5.xml:717 sssd-ad.5.xml:955 sssd-krb5.5.xml:564 +#: sss_rpcidmapd.5.xml:98 +msgid "EXAMPLE" +msgstr "EXEMPLE" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:2464 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.exemple.com\n" +"ldap_search_base = dc=exemple,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.exemple.com\n" +"krb5_realm = EXEMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2460 +msgid "" +"The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" +"En el següent exemple es mostra una configuració típica de l'SSSD. No es " +"descriu la configuració dels mateixos dominis - referiu-vos a la " +"documentació sobre la configuració dels dominis per a més detalls. " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "sssd-ldap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "Proveïdor de LDAP de l'SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" +"En aquesta pàgina del manual es descriu la configuració de dominis LDAP per " +"a <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>. Consulteu la secció <quote>FORMAT DE FITXER</" +"quote> de la pàgina del manual <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> per obtenir " +"informació detallada de la sintaxi." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "Podeu configurar SSSD per utilitzar més d'un domini d'LDAP." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. If the LDAP server is used only as an identity " +"provider, an encrypted channel is not needed. Please refer to " +"<quote>ldap_access_filter</quote> config option for more information about " +"using LDAP as an access provider." +msgstr "" +"El rerefons LDAP suporta proveïdors d'identificació, autenticació, accés i " +"canvi de contrasenya. Si voleu autenticar contra un servidor LDAP s'exigeix " +"TLS/SSL o LDAPS. L'<command>sssd</command> <emphasis>no</emphasis> suporta " +"autenticació sobre un canal sense xifrar. Si el servidor de LDAP s'utilitza " +"només com a un proveïdor d'identitats, no és necessari un canal xifrat. Si " +"us plau, refereiu-vos a l'opció <quote>ldap_access_filter</quote> per a més " +"informació sobre l'ús d'LDAP com un proveïdor d'accés." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 +msgid "CONFIGURATION OPTIONS" +msgstr "OPCIONS DE CONFIGURACIÓ" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:60 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "ldap_uri, ldap_backup_uri (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:63 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:73 +msgid "ldap[s]://<host>[:port]" +msgstr "ldap[s]://<host>[:port]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:76 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:79 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "exemple: ldap://[fc00::126:25]:389" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:85 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:88 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" +"Per habilitar el servei descobriment s'ha d'establir " +"ldap_chpass_dns_service_name." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:99 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "Per defecte: buit, és a dir, s'utilitza ldap_uri." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:105 +msgid "ldap_search_base (string)" +msgstr "ldap_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:108 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" +"El DN base per defecte a utilitzar per realitzar operacions d'usuari d'LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:112 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:116 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220 +#: sss_override.8.xml:135 sss_override.8.xml:232 +msgid "Examples:" +msgstr "Exemples:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:129 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:134 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" +"ldap_search_base = cn=host_specific,dc=exemple,dc=com?subtree?" +"(host=thishost)?dc=exemple.com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:137 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:158 +msgid "ldap_schema (string)" +msgstr "ldap_schema (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:161 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "Four schema types are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:172 +msgid "rfc2307" +msgstr "rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:177 +msgid "rfc2307bis" +msgstr "rfc2307bis" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:182 +msgid "IPA" +msgstr "IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:187 +msgid "AD" +msgstr "AD" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:193 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:203 +msgid "Default: rfc2307" +msgstr "Per defecte: rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:209 +msgid "ldap_default_bind_dn (string)" +msgstr "ldap_default_bind_dn (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:212 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" +"El vincle DN per defecte per utilitzar en realitzar les operacions d'LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:219 +msgid "ldap_default_authtok_type (string)" +msgstr "ldap_default_authtok_type (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:222 +msgid "The type of the authentication token of the default bind DN." +msgstr "El tipus de testimoni d'autenticació del vincle DN per defecte." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:226 +msgid "The two mechanisms currently supported are:" +msgstr "Els dos mecanismes suportats actualment són:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:229 +msgid "password" +msgstr "contrasenya" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:232 +msgid "obfuscated_password" +msgstr "obfuscated_password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:235 +msgid "Default: password" +msgstr "Per defecte: password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:241 +msgid "ldap_default_authtok (string)" +msgstr "ldap_default_authtok (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:244 +msgid "" +"The authentication token of the default bind DN. Only clear text passwords " +"are currently supported." +msgstr "" +"El testimoni de l'autenticació de l'omissió s'uneixen DN. Només aclarir " +"text contrasenyes estan suportats actualment." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:251 +msgid "ldap_user_object_class (string)" +msgstr "ldap_user_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:254 +msgid "The object class of a user entry in LDAP." +msgstr "La classe d'objecte d'una entrada d'usuari a LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "Default: posixAccount" +msgstr "Per defecte: posixAccount" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:263 +msgid "ldap_user_name (string)" +msgstr "ldap_user_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:266 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "L'atribut LDAP que correspon al nom de compte de l'usuari." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:270 +msgid "Default: uid" +msgstr "Per defecte: uid" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:276 +msgid "ldap_user_uid_number (string)" +msgstr "ldap_user_uid_number (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:279 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "" +"L'atribut LDAP que correspon al númerdo de l'identificador de l'usuari." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "Default: uidNumber" +msgstr "Per defecte: uidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:289 +msgid "ldap_user_gid_number (string)" +msgstr "ldap_user_gid_number (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:292 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" +"L'atribut LDAP que correspon a l'identificador del grup primari de l'usuari." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:863 +msgid "Default: gidNumber" +msgstr "Per defecte: gidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:302 +msgid "ldap_user_gecos (string)" +msgstr "ldap_user_gecos (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:305 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "L'atribut LDAP que correspon al camp gecos de l'usuari." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:309 +msgid "Default: gecos" +msgstr "Per defecte: gecos" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:315 +msgid "ldap_user_home_directory (string)" +msgstr "ldap_user_home_directory (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:318 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "L'atribut LDAP que conté el nom del directori inicial de l'usuari." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "Default: homeDirectory" +msgstr "Per defecte: homeDirectory" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:328 +msgid "ldap_user_shell (string)" +msgstr "ldap_user_shell (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:331 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "L'atribut LDAP que conté el camí al shell per defecte de l'usuari." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:335 +msgid "Default: loginShell" +msgstr "Per defecte: loginShell" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:341 +msgid "ldap_user_uuid (string)" +msgstr "ldap_user_uuid (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:344 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:889 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:355 +msgid "ldap_user_objectsid (string)" +msgstr "ldap_user_objectsid (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:358 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:363 sssd-ldap.5.xml:904 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:370 +msgid "ldap_user_modify_timestamp (string)" +msgstr "ldap_user_modify_timestamp (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" +"L'atribut LDAP que conté la data i hora de l'última modificació de l'objecte " +"pare." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144 +msgid "Default: modifyTimestamp" +msgstr "Per defecte: modifyTimestamp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:383 +msgid "ldap_user_shadow_last_change (string)" +msgstr "ldap_user_shadow_last_change (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" +"En utilitzar ldap_pwd_policy=shadow, aquest paràmetre conté el nom d'un " +"atribut d'LDAP corresponent al seu homòleg " +"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> (data de l'últim canvi de contrasenya)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:396 +msgid "Default: shadowLastChange" +msgstr "Per defecte: shadowLastChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:402 +msgid "ldap_user_shadow_min (string)" +msgstr "ldap_user_shadow_min (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:405 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" +"En utilitzar ldap_pwd_policy=shadow, aquest paràmetre conté el nom d'un " +"atribut d'LDAP corresponent al seu homòleg " +"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> (edat mínima de la contrasenya)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: shadowMin" +msgstr "Per defecte: shadowMin" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_user_shadow_max (string)" +msgstr "ldap_user_shadow_max (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" +"En utilitzar ldap_pwd_policy=shadow, aquest paràmetre conté el nom d'un " +"atribut d'LDAP corresponent al seu homòleg " +"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> (edat màxima de la contrasenya)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:432 +msgid "Default: shadowMax" +msgstr "Per defecte: shadowMax" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:438 +msgid "ldap_user_shadow_warning (string)" +msgstr "ldap_user_shadow_warning (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:441 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" +"En utilitzar ldap_pwd_policy=shadow, aquest paràmetre conté el nom d'un " +"atribut d'LDAP corresponent al seu homòleg " +"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> (període d'advertència de contrasenya)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:451 +msgid "Default: shadowWarning" +msgstr "Per defecte: shadowWarning" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:457 +msgid "ldap_user_shadow_inactive (string)" +msgstr "ldap_user_shadow_inactive (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:460 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" +"En utilitzar ldap_pwd_policy=shadow, aquest paràmetre conté el nom d'un " +"atribut d'LDAP corresponent al seu homòleg " +"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> (període d'inactivitat de contrasenya)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:470 +msgid "Default: shadowInactive" +msgstr "Per defecte: shadowInactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:476 +msgid "ldap_user_shadow_expire (string)" +msgstr "ldap_user_shadow_expire (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:479 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" +"En utilitzar ldap_pwd_policy=shadow o ldap_account_expire_policy=shadow, " +"aquest paràmetre conté el nom d'un atribut d'LDAP corresponent al seu " +"homòleg <citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> (data de caducitat del compte)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:489 +msgid "Default: shadowExpire" +msgstr "Per defecte: shadowExpire" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:495 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "ldap_user_krb_last_pwd_change (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:498 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" +"En utilitzar ldap_pwd_policy=mit_kerberos, aquest paràmetre conté el nom " +"d'un atribut d'LDAP que emmagatzema la data i hora del darrer canvi de " +"contrasenya en kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "Default: krbLastPwdChange" +msgstr "Per defecte: krbLastPwdChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:510 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "ldap_user_krb_password_expiration (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:513 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" +"En utilitzar ldap_pwd_policy=mit_kerberos, aquest paràmetre conté el nom " +"d'un atribut d'LDAP que emmagatzema la data i hora d'expiració de la " +"contrasenya actual." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:519 +msgid "Default: krbPasswordExpiration" +msgstr "Per defecte: krbPasswordExpiration" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:525 +msgid "ldap_user_ad_account_expires (string)" +msgstr "ldap_user_ad_account_expires (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:528 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:533 +msgid "Default: accountExpires" +msgstr "Per defecte: accountExpires" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:539 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "ldap_user_ad_user_account_control (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:542 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:547 +msgid "Default: userAccountControl" +msgstr "Per defecte: userAccountControl" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:553 +msgid "ldap_ns_account_lock (string)" +msgstr "ldap_ns_account_lock (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:556 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:561 +msgid "Default: nsAccountLock" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:567 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "ldap_user_nds_login_disabled (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:570 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:574 sssd-ldap.5.xml:588 +msgid "Default: loginDisabled" +msgstr "Per defecte: loginDisabled" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:580 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "ldap_user_nds_login_expiration_time (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:583 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "ldap_user_nds_login_allowed_time_map (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:602 +msgid "Default: loginAllowedTimeMap" +msgstr "Per defecte: loginAllowedTimeMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:608 +msgid "ldap_user_principal (string)" +msgstr "ldap_user_principal (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:611 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" +"L'atribut LDAP que conté el Nom Principal d'Usuari (UPN) de l'usuari de " +"Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:615 +msgid "Default: krbPrincipalName" +msgstr "Per defecte: krbPrincipalName" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:621 +msgid "ldap_user_extra_attrs (string)" +msgstr "ldap_user_extra_attrs (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:624 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:629 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:639 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:649 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "ldap_user_extra_attrs = telephoneNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:652 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:656 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "ldap_user_extra_attrs = phone:telephoneNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:659 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:669 +msgid "ldap_user_ssh_public_key (string)" +msgstr "ldap_user_ssh_public_key (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:672 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:676 +msgid "Default: sshPublicKey" +msgstr "Per defecte: sshPublicKey" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:682 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "ldap_force_upper_case_realm (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:685 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" +"Alguns servidors de directori, per exemple Active Directory, podria entregar " +"la part de l'àmbit de l'UPN en minúscules, que podria provocar que " +"l'autenticació fallàs. Definiu aquesta opció a un valor diferent de zero si " +"voleu utilitzar un àmbit en majúscules." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:698 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "ldap_enumeration_refresh_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:701 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:712 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "ldap_purge_cache_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:715 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" +"Determina cada quant es comprova la memòria cau per entrades inactives " +"(grups sense membres i usuaris que mai no han iniciat una sessió) i eliminar-" +"los per estalviar espai." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:721 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:736 +msgid "ldap_user_fullname (string)" +msgstr "ldap_user_fullname (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:739 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "L'atribut LDAP que correspon al nom complet de l'usuari." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590 +msgid "Default: cn" +msgstr "Per defecte: cn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:749 +msgid "ldap_user_member_of (string)" +msgstr "ldap_user_member_of (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:752 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "L'atribut LDAP que llista la pertanença a grups de l'usuari." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:756 +msgid "Default: memberOf" +msgstr "Per defecte: memberOf" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:762 +msgid "ldap_user_authorized_service (string)" +msgstr "ldap_user_authorized_service (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:765 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" +"Si access_provider=ldap i ldap_access_order=authorized_service, l'SSSD farà " +"servir la presència de l'atribut authorizedService a l'entrada LDAP de " +"l'usuari per determinar els privilegis d'accés." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:772 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" +"Una denegació explícita (!svc) es resol en primer lloc. En segon lloc, " +"l'SSSD cerca autoritzacions explícites (svc) i, finalment, allow_all (*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:777 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:784 +msgid "Default: authorizedService" +msgstr "Per defecte: authorizedService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:790 +msgid "ldap_user_authorized_host (string)" +msgstr "ldap_user_authorized_host (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:793 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:799 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:811 +msgid "Default: host" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:817 +msgid "ldap_user_certificate (string)" +msgstr "ldap_user_certificate (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:820 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:824 +msgid "Default: no set in the general case, userCertificate;binary for IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:831 +msgid "ldap_group_object_class (string)" +msgstr "ldap_group_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:834 +msgid "The object class of a group entry in LDAP." +msgstr "La classe d'objecte d'una entrada de grup a LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:837 +msgid "Default: posixGroup" +msgstr "Per defecte: posixGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:843 +msgid "ldap_group_name (string)" +msgstr "ldap_group_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:846 +msgid "The LDAP attribute that corresponds to the group name." +msgstr "L'atribut LDAP que es correspon amb el nom del grup." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:856 +msgid "ldap_group_gid_number (string)" +msgstr "ldap_group_gid_number (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:859 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "L'atribut LDAP que correspon a l'identificador del grup." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:869 +msgid "ldap_group_member (string)" +msgstr "ldap_group_member (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:872 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "L'atribut LDAP que conté els noms dels membres del grup." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:876 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "Per defecte: memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:882 +msgid "ldap_group_uuid (string)" +msgstr "ldap_group_uuid (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:885 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:896 +msgid "ldap_group_objectsid (string)" +msgstr "ldap_group_objectsid (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:899 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_group_modify_timestamp (string)" +msgstr "ldap_group_modify_timestamp (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:924 +msgid "ldap_group_type (integer)" +msgstr "ldap_group_type (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:927 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:938 +msgid "Default: groupType in the AD provider, othewise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:945 +#, fuzzy +#| msgid "ldap_group_member (string)" +msgid "ldap_group_external_member (string)" +msgstr "ldap_group_member (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:948 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:961 +msgid "ldap_group_nesting_level (integer)" +msgstr "ldap_group_nesting_level (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:964 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" +"Si ldap_schema s'estableix a un format d'esquema que admeti els grups niats " +"(p. ex. RFC2307bis), llavors aquesta opció controla quants nivells de " +"nidificació seguirà l'SSSD. Aquesta opció no té cap efecte sobre l'esquema " +"RFC2307." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:980 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:989 +msgid "Default: 2" +msgstr "Per defecte: 2" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:995 +msgid "ldap_groups_use_matching_rule_in_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:998 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which may speed up group lookup operations on deployments with " +"complex or deep nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1004 +msgid "" +"In most common cases, it is best to leave this option disabled. It generally " +"only provides a performance increase on very complex nestings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036 +msgid "" +"If this option is enabled, SSSD will use it if it detects that the server " +"supports it during initial connection. So \"True\" here essentially means " +"\"auto-detect\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042 +msgid "" +"Note: This feature is currently known to work only with Active Directory " +"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" +"windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " +"for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048 sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866 include/ldap_id_mapping.xml:244 +msgid "Default: False" +msgstr "Per defecte: False" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1027 +msgid "ldap_initgroups_use_matching_rule_in_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1030 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which might speed up initgroups operations (most notably when " +"dealing with complex or deep nested groups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1057 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1062 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1068 +msgid "ldap_netgroup_object_class (string)" +msgstr "ldap_netgroup_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1071 +msgid "The object class of a netgroup entry in LDAP." +msgstr "La classe d'objecte d'una entrada de netgroup a LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1074 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1078 +msgid "Default: nisNetgroup" +msgstr "Per defecte: nisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1084 +msgid "ldap_netgroup_name (string)" +msgstr "ldap_netgroup_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1087 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "L'atribut LDAP que es correspon amb el nom del netgroup." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1101 +msgid "ldap_netgroup_member (string)" +msgstr "ldap_netgroup_member (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1104 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "L'atribut LDAP que conté els noms dels membres del netgroup." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1108 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "Default: memberNisNetgroup" +msgstr "Per defecte: memberNisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1118 +msgid "ldap_netgroup_triple (string)" +msgstr "ldap_netgroup_triple (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1121 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" +"L'atribut LDAP que conté les tripletes netgroup (maquina, usuari, domini)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1128 +msgid "Default: nisNetgroupTriple" +msgstr "Per defecte: nisNetgroupTriple" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1134 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "ldap_netgroup_modify_timestamp (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1150 +msgid "ldap_service_object_class (string)" +msgstr "ldap_service_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1153 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1156 +msgid "Default: ipService" +msgstr "Per defecte: ipService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1162 +msgid "ldap_service_name (string)" +msgstr "ldap_service_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1165 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1175 +msgid "ldap_service_port (string)" +msgstr "ldap_service_port (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1178 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1182 +msgid "Default: ipServicePort" +msgstr "Per defecte: ipServicePort" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1188 +msgid "ldap_service_proto (string)" +msgstr "ldap_service_proto (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1191 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "Default: ipServiceProtocol" +msgstr "Per defecte: ipServiceProtocol" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1201 +msgid "ldap_service_search_base (string)" +msgstr "ldap_service_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1206 +msgid "ldap_search_timeout (integer)" +msgstr "ldap_search_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1209 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1215 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1227 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "ldap_enumeration_search_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1230 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1243 +msgid "ldap_network_timeout (integer)" +msgstr "ldap_network_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1246 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" +"Especifica el temps d'espera (en segons) després que el " +"<citerefentry><refentrytitle>sondeig</refentrytitle> <manvolnum>2</" +"manvolnum></citerefentry>/<citerefentry><refentrytitle>selecció</" +"refentrytitle> <manvolnum>2</manvolnum></citerefentry> seguit d'una " +"<citerefentry><refentrytitle>connexió</refentrytitle> <manvolnum>2</" +"manvolnum></citerefentry> retorna en cas de cap activitat." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1269 +msgid "ldap_opt_timeout (integer)" +msgstr "ldap_opt_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1287 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "ldap_connection_expire_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1290 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367 +msgid "Default: 900 (15 minutes)" +msgstr "Per defecte: 900 (15 minuts)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1304 +msgid "ldap_page_size (integer)" +msgstr "ldap_page_size (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1307 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1312 +msgid "Default: 1000" +msgstr "Per defecte: 1000" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1318 +msgid "ldap_disable_paging (boolean)" +msgstr "ldap_disable_paging (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1321 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1327 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1333 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1345 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "ldap_disable_range_retrieval (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1348 +msgid "Disable Active Directory range retrieval." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1351 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1366 +msgid "ldap_sasl_minssf (integer)" +msgstr "ldap_sasl_minssf (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1369 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1375 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1382 +msgid "ldap_deref_threshold (integer)" +msgstr "ldap_deref_threshold (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1391 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1395 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1403 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1416 +msgid "ldap_tls_reqcert (string)" +msgstr "ldap_tls_reqcert (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1419 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" +"Especifica quines comprovacions s'han de realitzar sobre els certificats de " +"servidor en una sessió TLS, si s'escau. Es pot especificar com un dels " +"valors següents:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1425 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" +"<emphasis>never</emphasis> = El client no demanarà o comprovarà cap " +"certificat del servidor." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1429 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" +"<emphasis>allow</emphasis> = El certificat del servidor se sol·licitarà. Si " +"no es proporciona cap certificat, la sessió avança normalment. Si es " +"proporciona un certificat dolent, s'ignorarà i la sessió procedirà " +"normalment." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1436 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" +"<emphasis>try</emphasis> = El certificat del servidor se sol·licitarà. Si no " +"es proporciona cap certificat, la sessió avança normalment. Si es " +"proporciona un certificat dolent, immediatament s'acaba la sessió." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1442 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" +"<emphasis>demand</emphasis> = El certificat del servidor se sol·licitarà. Si " +"no es proporciona cap certificat, o se'n proporciona un de dolent, " +"immediatament s'acaba la sessió." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1448 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1452 +msgid "Default: hard" +msgstr "Per defecte: hard" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1458 +msgid "ldap_tls_cacert (string)" +msgstr "ldap_tls_cacert (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1461 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" +"Especifica el fitxer que conté els certificats per a totes les Autoritats de " +"Certificació que reconeixerà l'<command>sssd</command>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" +"Per defecte: Utilitza els valors per defecte d'OpenLDAP, normalment a " +"<filename>/etc/openldap/ldap.conf</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1473 +msgid "ldap_tls_cacertdir (string)" +msgstr "ldap_tls_cacertdir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1476 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" +"Especifica el camí al directori que conté els certificats de l'autoritat " +"certificadora en fitxers separats independents. Normalment els noms dels " +"fitxers són el hash del certificat seguit de '. 0'. Si està disponible, " +"<command>cacertdir_rehash</command> es pot utilitzar per crear els noms " +"correctes." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1491 +msgid "ldap_tls_cert (string)" +msgstr "ldap_tls_cert (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1504 +msgid "ldap_tls_key (string)" +msgstr "ldap_tls_key (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "Specifies the file that contains the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1516 +msgid "ldap_tls_cipher_suite (string)" +msgstr "ldap_tls_cipher_suite (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1519 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1532 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "ldap_id_use_start_tls (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1535 +msgid "" +"Specifies that the id_provider connection must also use <systemitem class=" +"\"protocol\">tls</systemitem> to protect the channel." +msgstr "" +"Especifica que la connexió id_provider també ha d'utilitzar <systemitem " +"class=\"protocol\">tls</systemitem> per a protegir el canal." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1545 +msgid "ldap_id_mapping (boolean)" +msgstr "ldap_id_mapping (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1548 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1564 +msgid "ldap_min_id, ldap_max_id (interger)" +msgstr "ldap_min_id, ldap_max_id (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1567 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1579 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1585 +msgid "ldap_sasl_mech (string)" +msgstr "ldap_sasl_mech (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1588 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI is tested and " +"supported." +msgstr "" +"Especifica el mecanisme SASL a utilitzar. Actualment només GSSAPI és provat " +"i suportat." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1598 +msgid "ldap_sasl_authid (string)" +msgstr "ldap_sasl_authid (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1601 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI is used, this " +"represents the Kerberos principal used for authentication to the directory. " +"This option can either contain the full principal (for example host/" +"myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1609 +msgid "Default: host/hostname@REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1615 +msgid "ldap_sasl_realm (string)" +msgstr "ldap_sasl_realm (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1624 +msgid "Default: the value of krb5_realm." +msgstr "Per defecte: el valor de krb5_realm." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1630 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "ldap_sasl_canonicalize (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1633 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1638 +msgid "Default: false;" +msgstr "Per defecte: false;" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1644 +msgid "ldap_krb5_keytab (string)" +msgstr "ldap_krb5_keytab (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "Specify the keytab to use when using SASL/GSSAPI." +msgstr "Especifica el fitxer keytab a utilitzar quan s'utilitza SASL/GSSAPI." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" +"Per defecte: Fitxer keytab de sistema, normalment <filename>/etc/krb5." +"keytab</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "ldap_krb5_init_creds (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI." +msgstr "" +"Especifica que id_provider ha d'iniciar les credencials del Kerberos (TGT). " +"Aquesta acció únicament es realitza si s'utilitza SASL i el mecanisme " +"seleccionat és GSSAPI." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1671 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "ldap_krb5_ticket_lifetime (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1674 +msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." +msgstr "Especifica el temps de vida en segons de la TGT si s'utilitza GSSAPI." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:849 +msgid "Default: 86400 (24 hours)" +msgstr "Per defecte: 86400 (24 hores)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "krb5_server, krb5_backup_server (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" +"Quan s'utilitza el servei de descobriment per als servidors KDC o kpasswd, " +"l'SSSD primer cerca les entrades DNS que especifiquen _udp com el protocol i " +"retorna a _tcp si no se'n troba cap." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" +"Aquesta opció s'anomenava <quote>krb5_kdcip</quote> en les primeres versions " +"de l'SSSD. Mentre que el nom antic és reconegut de moment, s'aconsella als " +"usuaris que migrin els seus fitxers de configuració per utilitzar " +"<quote>krb5_server</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "krb5_realm (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." +msgstr "Especifica l'àmbit KERBEROS (per a l'autenticació SASL/GSSAPI)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1719 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" +"Per defecte: Paràmetres predeterminats del sistema, vegeu <filename>/etc/" +"krb5.conf</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462 +msgid "krb5_canonicalize (boolean)" +msgstr "krb5_canonicalize (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "krb5_use_kdcinfo (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1768 +msgid "ldap_pwd_policy (string)" +msgstr "ldap_pwd_policy (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" +"Selecciona la política per avaluar la caducitat de la contrasenya en el " +"costat del client. S'admeten els valors següents:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" +"<emphasis>none</emphasis> - Cap avaluació del costat del client. Aquesta " +"opció no inhabilita les polítiques de contrasenya de servidor." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1781 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1787 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" +"<emphasis>mit_kerberos</emphasis> - Usa els atributs utilitzats per MIT " +"Kerberos per determinar si la contrasenya ha caducat. Utilitza " +"chpass_provider=krb5 per actualitzar aquests atributs quan es canvia la " +"contrasenya." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1796 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1804 +msgid "ldap_referrals (boolean)" +msgstr "ldap_referrals (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1807 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" +"Especifica si el seguiment automàtic del referenciador s'hauria d'habilitar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1811 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" +"Tingueu en compte que l'sssd només admet l'encadenament de les referències " +"quan es compila amb la versió 2.4.13 o superiors d'OpenLDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1816 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1830 +msgid "ldap_dns_service_name (string)" +msgstr "ldap_dns_service_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1833 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" +"Especifica el nom de servei per utilitzar quan està habilitada la detecció " +"de serveis." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 +msgid "Default: ldap" +msgstr "Per defecte: ldap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1843 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "ldap_chpass_dns_service_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1846 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" +"Especifica el nom del servei a utilitzar per trobar un servidor LDAP que " +"permeti els canvis de contrasenyes quan estigui habilitat el descobriment " +"dels serveis." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1851 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "" +"Defecte: no definit, és a dir, el descobriment de serveis està inhabilitat" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1857 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "ldap_chpass_update_last_change (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1872 +msgid "ldap_access_filter (string)" +msgstr "ldap_access_filter (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1875 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Example:" +msgstr "Exemple:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1898 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1902 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice-versa." +msgstr "" +"La memòria auxiliar sense connexió per a aquesta característica es limita a " +"determinar si el darrer inici de sessió de l'usuari amb connexió es va " +"concedir el permís d'accés. Si es va concedir l'accés durant el seu últim " +"inici de sessió, es continuarà concedint l'accés mentre s'estigui " +"desconnectat i viceversa." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972 +msgid "Default: Empty" +msgstr "Per defecte: Buit" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_account_expire_policy (string)" +msgstr "ldap_account_expire_policy (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1924 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" +"Amb aquesta opció es pot habilitar una avaluació del costat de client " +"d'atributs de control d'accés." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1928 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" +"Si us plau, tingueu en compte que sempre és recomanable utilitzar el control " +"d'accés del costat de servidor, és a dir, el servidor d'LDAP hauria de " +"denegar la petició de vincle amb un codi d'error adequat fins i tot si la " +"contrasenya és correcta." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1935 +msgid "The following values are allowed:" +msgstr "S'admeten els valors següents:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" +"<emphasis>shadow</emphasis>: utilitza el valor ldap_user_shadow_expire per " +"determinar si el compte ha caducat." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1943 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1950 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1956 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1965 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1978 +msgid "ldap_access_order (string)" +msgstr "ldap_access_order (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1981 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" +"Llista separada per comes d'opcions de control d'accés. Els valors permesos " +"són:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1985 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "<emphasis>filter</emphasis>: utilitza ldap_access_filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1988 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1998 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2005 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2022 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "<emphasis>expire</emphasis>: utilitza ldap_account_expire_policy" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2026 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2036 +msgid "" +"The difference between these options is the action taken if user password is " +"expired: pwd_expire_policy_reject - user is denied to log in, " +"pwd_expire_policy_warn - user is still able to log in, " +"pwd_expire_policy_renew - user is prompted to change his password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2044 +msgid "" +"Note If user password is expired no explicit message is prompted by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2048 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2053 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" +"<emphasis>authorized_service</emphasis>: utilitza l'atribut " +"authorizedService per determinar l'accés" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2058 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2062 +msgid "Default: filter" +msgstr "Per defecte: filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2065 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" +"Si us plau, tingueu en compte que és un error de configuració si un valor " +"s'utilitza més d'una vegada." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2072 +msgid "ldap_pwdlockout_dn (string)" +msgstr "ldap_pwdlockout_dn (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2075 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2083 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "Exemple: cn=ppolicy,ou=policies,dc=exemple,dc=com" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2086 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "Per defecte: cn=ppolicy,ou=policies,$ldap_search_base" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2092 +msgid "ldap_deref (string)" +msgstr "ldap_deref (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2095 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" +"Especifica com es realitza l'eliminació de les referències dels àlies quan " +"es fa una cerca. S'admeten les opcions següents:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2100 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" +"<emphasis>never</emphasis>: les referències dels àlies mai són eliminades." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2104 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" +"<emphasis>searching</emphasis>: les referències dels àlies són eliminades en " +"subordinats de l'objecte base, però no en la localització de l'objecte base " +"de la cerca." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2109 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" +"<emphasis>finding</emphasis>: les referències dels àlies són eliminades " +"només en localitzar l'objecte base de la cerca." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2114 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" +"<emphasis>always</emphasis>: les referències dels àlies són eliminades tant " +"en la recerca i en la localització de l'objecte base de la cerca." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2119 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" +"Per defecte: Buit (això es tractarà com a <emphasis>never</emphasis> amb les " +"biblioteques de client LDAP)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2127 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "ldap_rfc2307_fallback_to_local_users (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2130 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2134 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2145 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136 +#, fuzzy +#| msgid "ldap_opt_timeout (integer)" +msgid "wildcart_limit (integer)" +msgstr "ldap_opt_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2160 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2164 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2168 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:51 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" +"Totes les opcions comunes de configuració que s'apliquen als dominis SSD " +"també s'apliquen als dominis LDAP. Referiu-vos a la secció <quote>SECCIONS " +"DE DOMINI</quote> de la pàgina de manual de <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> per a tots els detalls. <placeholder type=\"variablelist\" id=" +"\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2178 +msgid "SUDO OPTIONS" +msgstr "OPCIONS DE SUDO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2180 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2191 +msgid "ldap_sudorule_object_class (string)" +msgstr "ldap_sudorule_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2194 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2197 +msgid "Default: sudoRole" +msgstr "Per defecte: sudoRole" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2203 +msgid "ldap_sudorule_name (string)" +msgstr "ldap_sudorule_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2206 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2216 +msgid "ldap_sudorule_command (string)" +msgstr "ldap_sudorule_command (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2219 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2223 +msgid "Default: sudoCommand" +msgstr "Per defecte: sudoCommand" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2229 +msgid "ldap_sudorule_host (string)" +msgstr "ldap_sudorule_host (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2232 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2237 +msgid "Default: sudoHost" +msgstr "Per defecte: sudoHost" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2243 +msgid "ldap_sudorule_user (string)" +msgstr "ldap_sudorule_user (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2246 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2250 +msgid "Default: sudoUser" +msgstr "Per defecte: sudoUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2256 +msgid "ldap_sudorule_option (string)" +msgstr "ldap_sudorule_option (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2259 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2263 +msgid "Default: sudoOption" +msgstr "Per defecte: sudoOption" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2269 +msgid "ldap_sudorule_runasuser (string)" +msgstr "ldap_sudorule_runasuser (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2272 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2276 +msgid "Default: sudoRunAsUser" +msgstr "Per defecte: sudoRunAsUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2282 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "ldap_sudorule_runasgroup (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2285 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2289 +msgid "Default: sudoRunAsGroup" +msgstr "Per defecte: sudoRunAsGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2295 +msgid "ldap_sudorule_notbefore (string)" +msgstr "ldap_sudorule_notbefore (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2298 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2302 +msgid "Default: sudoNotBefore" +msgstr "Per defecte: sudoNotBefore" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2308 +msgid "ldap_sudorule_notafter (string)" +msgstr "ldap_sudorule_notafter (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2311 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2316 +msgid "Default: sudoNotAfter" +msgstr "Per defecte: sudoNotAfter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2322 +msgid "ldap_sudorule_order (string)" +msgstr "ldap_sudorule_order (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2325 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2329 +msgid "Default: sudoOrder" +msgstr "Per defecte: sudoOrder" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2335 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "ldap_sudo_full_refresh_interval (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2338 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2343 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2348 +msgid "Default: 21600 (6 hours)" +msgstr "Per defecte: 21600 (6 hores)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2354 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "ldap_sudo_smart_refresh_interval (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2357 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest USN " +"of cached rules)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2363 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2373 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "ldap_sudo_use_host_filter (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2376 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2387 +msgid "ldap_sudo_hostnames (string)" +msgstr "ldap_sudo_hostnames (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2390 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2395 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441 +#: sssd-ldap.5.xml:2459 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428 +msgid "Default: not specified" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2411 +msgid "ldap_sudo_ip (string)" +msgstr "ldap_sudo_ip (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2414 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2419 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2434 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "ldap_sudo_include_netgroups (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2437 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2452 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "ldap_sudo_include_regexp (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2455 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2471 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2481 +msgid "AUTOFS OPTIONS" +msgstr "OPCIONS D'AUTOFS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2483 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2489 +msgid "ldap_autofs_map_master_name (string)" +msgstr "ldap_autofs_map_master_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2492 +msgid "The name of the automount master map in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2495 +msgid "Default: auto.master" +msgstr "Per defecte: auto.master" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2502 +msgid "ldap_autofs_map_object_class (string)" +msgstr "ldap_autofs_map_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2505 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2508 +msgid "Default: automountMap" +msgstr "Per defecte: automountMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2515 +msgid "ldap_autofs_map_name (string)" +msgstr "ldap_autofs_map_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2518 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2521 +#, fuzzy +#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)" +msgstr "Per defecte: memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2529 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "ldap_autofs_entry_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2532 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2537 +#, fuzzy +#| msgid "Default: automountMap" +msgid "Default: automount" +msgstr "Per defecte: automountMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2544 +msgid "ldap_autofs_entry_key (string)" +msgstr "ldap_autofs_entry_key (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2551 +#, fuzzy +#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)" +msgstr "Per defecte: memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2559 +msgid "ldap_autofs_entry_value (string)" +msgstr "ldap_autofs_entry_value (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2566 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2487 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2576 +msgid "ADVANCED OPTIONS" +msgstr "OPCIONS AVANÇADES" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2583 +msgid "ldap_netgroup_search_base (string)" +msgstr "ldap_netgroup_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2588 +msgid "ldap_user_search_base (string)" +msgstr "ldap_user_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2593 +msgid "ldap_group_search_base (string)" +msgstr "ldap_group_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:2598 +msgid "<note>" +msgstr "<note>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:2600 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no gid mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:2607 +msgid "</note>" +msgstr "</note>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2609 +msgid "ldap_sudo_search_base (string)" +msgstr "ldap_sudo_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2614 +msgid "ldap_autofs_search_base (string)" +msgstr "ldap_autofs_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2578 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2631 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" +"L'exemple següent presuposa que l'SSSD està correctament configurat i l'LDAP " +"està definit com a un dels dominis a la secció <replaceable>[domains]</" +"replaceable>." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2637 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:725 sssd-ad.5.xml:963 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 +#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2648 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2650 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2655 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-simple.5.xml:148 sssd-ad.5.xml:978 sssd.8.xml:195 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "NOTES" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2672 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" +"Les descripcions d'algunes de les opcions de configuració en aquesta pàgina " +"del manual es basen en la pàgina del manual <citerefentry>de " +"<refentrytitle>ldap.conf</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> de la distribució d'OpenLDAP 2.4." + +#. type: Content of: <refentryinfo> +#: pam_sss.8.xml:8 include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - http://" +"fedorahosted.org/sssd</orgname>" +msgstr "" +"<productname>SSSD</productname> <orgname>La línia de desenvolupament " +"principal de l'SSSD - http://fedorahosted.org/sssd</orgname>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:13 pam_sss.8.xml:18 +msgid "pam_sss" +msgstr "pam_sss" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:19 +msgid "PAM module for SSSD" +msgstr "Mòdul de PAM per SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:24 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>" +msgstr "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:54 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" +"<command>pam_sss.so</command> és la interfície PAM a l'SSSD (System Security " +"Services daemon). Els errors i els resultats es registren a través de " +"<command>syslog(3)</command> amb el canal LOG_AUTHPRIV." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:64 +msgid "<option>quiet</option>" +msgstr "<option>quiet</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:67 +msgid "Suppress log messages for unknown users." +msgstr "Suprimeix el registre dels missatges per als usuaris desconeguts." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:72 +msgid "<option>forward_pass</option>" +msgstr "<option>forward_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:75 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" +"Si s'estableix <option>forward_pass</option>, la contrasenya que " +"s'introdueix es posa a la pila perquè els altres mòduls del PAM l'utilitzin." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>use_first_pass</option>" +msgstr "<option>use_first_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" +"L'argument use_first_pass obliga al mòdul que utilitzi una contrasenya " +"apilada anteriorment dels mòduls i mai ho demanarà l'usuari - si no hi ha " +"cap contrasenya o no és correcta, es denegarà l'accés a l'usuari." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:93 +msgid "<option>use_authtok</option>" +msgstr "<option>use_authtok</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:96 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" +"Quan el canvi de contrasenya força al mòdul a establir la nova contrasenya a " +"la proporcionada per un mòdul de contrasenya prèviament apilat." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>retry=N</option>" +msgstr "<option>retry=N</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" +"Si s'especifica, en cas de fallar l'autenticació a l'usuari se li demanarà N " +"vegades més una contrasenya. Per defecte és 0." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:108 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" +"Si us plau, tingueu en compte que aquesta opció podria no funcionar com " +"s'espera si l'aplicació que crida PAM gestiona pel seu compte el diàleg amb " +"l'usuari. Un exemple típic és <command>sshd</command> amb " +"<option>PasswordAuthentication</option>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:117 +msgid "<option>ignore_unknown_user</option>" +msgstr "<option>ignore_unknown_user</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:120 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" +"Si s'especifica aquesta opció i no existeix l'usuari, el mòdul PAM retornarà " +"PAM_IGNORE. Això provoca que el marc de treball del PAM ignori aquest mòdul." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "<option>ignore_authinfo_unavail</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:131 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" +"Especifica que el mòdul PAM ha de retornar PAM_IGNORE si no pot contactar " +"amb el domini SSSD. Això provoca que el marc de treball del PAM ignori " +"aquest mòdul." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:138 +msgid "<option>domains</option>" +msgstr "<option>domains</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:142 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" +"Permet a l'administrador que restringeixi els dominis que un servei PAM " +"concret pot autentificar-s'hi. El format és una llista separada per comes " +"dels noms dels dominis SSSD, com s'especifica al fitxer sssd.conf." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:148 +msgid "" +"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> " +"and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" +"NOTA: Ha d'utilitzar-se juntament amb les opcions <quote>pam_trusted_users</" +"quote> i <quote>pam_public_domains</quote>. Si us plau, vegeu la pàgina del " +"manual de <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> per a més informació sobre aquestes " +"dues opcions del contestador del PAM." + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:164 +msgid "MODULE TYPES PROVIDED" +msgstr "TIPUS DE MÒDULS PROPORCIONATS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:165 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" +"Es proporcionen tots els tipus de mòduls (<option>account</option>, " +"<option>auth</option>, <option>password</option> i <option>session</option>)." + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:171 +msgid "FILES" +msgstr "FITXERS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:172 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" +"Si falla el restabliment d'una contrasenya per root, perquè el proveïdor " +"SSSD corresponent no admet el restabliment de les contrasenyes, es pot " +"mostrar un missatge concret. Aquest missatge per exemple pot contenir les " +"instruccions sobre com es restableix una contrasenya." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:177 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" +"El missatge es llegeix del fitxer <filename>pam_sss_pw_reset_message.LOC</" +"filename> on LOC representa una cadena de la configuració regional retornada " +"amb <citerefentry> <refentrytitle>setlocale</refentrytitle><manvolnum>3</" +"manvolnum> </citerefentry>. Si no hi ha cap coincidència, es mostra el " +"contingut del fitxer <filename>pam_sss_pw_reset_message.txt</filename>. El " +"propietari dels fitxers ha de ser root i tan sols root ha de tenir els " +"permisos de lectura i escriptura, mentre que tots els altres usuaris " +"únicament han de tenir els permisos de lectura." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:187 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" +"Aquests fitxers se cerquen al directori <filename>/etc/sssd/customize/" +"NOM_DOMINI/</filename>. Si no hi ha present cap fitxer que hi coincideixi, " +"es mostrarà un missatge genèric." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "sssd_krb5_locator_plugin" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " +"libraries what Realm and which KDC to use. Typically this is done in " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> which is always read by the Kerberos libraries. " +"To simplify the configuration the Realm and the KDC can be defined in " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> as described in <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:48 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> puts the Realm and the name or IP address of the KDC into " +"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " +"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " +"libraries it reads and evaluates these variables and returns them to the " +"libraries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" +"No totes les implementacions del Kerberos admeten l'ús de connectors. Si " +"<command>sssd_krb5_locator_plugin</command> no estigués disponible al vostre " +"sistema, heu d'editar /etc/krb5.conf per reflectir la vostra configuració " +"del Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:69 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "sssd-simple" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" +"el fitxer de configuració per al proveïdor de control d'accés 'simple' de " +"l'SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" +"En aquesta pàgina del manual es descriu la configuració del proveïdor de " +"control d'accés simple per a <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry>. Per a una " +"referència detallada de la sintaxi, aneu a la secció <quote>FORMAT DEL " +"FITXER</quote> de la pàgina del manual <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" +"El proveïdor d'accés simple concedeix o denega l'accés basat en una llista " +"d'accés o denegació dels noms dels usuaris o dels noms dels grups. " +"S'apliquen les regles següents:" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "Si totes les llistes estan buides, es concedeix l'accés" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" +"Si es proporciona alguna llista, l'ordre d'avaluació és permissió, " +"denegació. Això vol dir que qualsevol coincidència amb la regla de denegació " +"reemplaçarà qualsevol coincidència amb la regla de permissió." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" +"Si es proporcionen una o ambdues llistes de \"permissió\", tots els usuaris " +"són denegats excepte els que apareixen a la llista." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" +"Si només es proporcionen llistes de \"denegació\", es concedeix l'accés a " +"tots els usuaris excepte els que apareixen a la llista." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "simple_allow_users (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" +"Llista separada per comes dels usuaris a qui se'ls permet iniciar la sessió." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "simple_deny_users (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" +"Llista separada per comes dels usuaris a qui se'ls denega explícitament " +"l'accés." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "simple_allow_groups (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" +"Llista separada per comes dels grups a qui se'ls permet iniciar la sessió. " +"Això s'aplica únicament als grups dins d'aquest domini SSSD. No s'avaluen " +"els grups locals." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "simple_deny_groups (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" +"Llista separada per comes dels grups a qui se'ls denega explícitament " +"l'accés. Això s'aplica únicament als grups dins d'aquest domini SSSD. No " +"s'avaluen els grups locals." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Per a més informació sobre la configuració d'un domini SSSD, consulteu la " +"secció <quote>SECCIONS DELS DOMINIS</quote> de la pàgina del manual " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" +"Si us plau, tingueu en compte que és un error de configuració si es " +"defineixen alhora simple_allow_users i simple_deny_users." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" +"En el següent exemple s'assumeix que l'SSD està configurat correctament i " +"que exemple.com és un dels dominis de la secció <replaceable>[sssd]</" +"replaceable>. En aquest exemple es mostren únicament les opcions " +"específiques del proveïdor d'accés simple." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" +"[domini/exemple.com]\n" +"access_provider = simple\n" +"simple_allow_users = usuari1, usuari2\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" +"La jerarquia completa de la pertinença a un grup es resol abans de la " +"comprovació de l'accés, de manera que fins i tot els grups imbricats es " +"poden incloure a les llistes d'accés. Si us plau, tingueu cura que l'opció " +"<quote>ldap_group_nesting_level</quote> pot influir amb els resultats i s'ha " +"d'establir amb un valor suficient. L'opció (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>)." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "sssd-ipa" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "Proveïdor d'IPA de l'SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"En aquesta pàgina del manual es descriu la configuració del proveïdor IPA " +"per a <citerefentry><refentrytitle>sssd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry>. Per una referència detallada sintaxi, aneu a la " +"secció de <quote>FORMAT DE FITXER</quote> de la pàgina del manual " +"<citerefentry>d'<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" +"El proveïdor d'IPA és un programari especialitzat que s'utilitza per " +"connectar a un servidor IPA. (Consulteu el lloc web freeipa.org per obtenir " +"informació sobre els servidors IPA). Aquest proveïdor requereix que " +"s'afegeixi la màquina al domini d'IPA; la configuració s'autodescobreix " +"gairebé totalment i s'obté directament del servidor." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:78 +msgid "ipa_domain (string)" +msgstr "ipa_domain (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:81 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" +"Especifica el nom del domini IPA. És opcional. Si no se n'especifica cap, " +"s'utilitza el nom de domini de la configuració." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:89 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "ipa_server, ipa_backup_server (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:92 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:105 +msgid "ipa_hostname (string)" +msgstr "ipa_hostname (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:108 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host." +msgstr "" +"Opcional. Es pot definir en màquines on el hostname(5) no reflecteix el nom " +"complet utilitzat en el domini d'IPA per identificar aquest amfitrió." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:116 sssd-ad.5.xml:780 +msgid "dyndns_update (boolean)" +msgstr "dyndns_update (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:119 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA v2 with the IP address of this client. The update is " +"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " +"for the updates, if it is not otherwise specified by using the " +"<quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:128 sssd-ad.5.xml:794 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:133 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:145 sssd-ad.5.xml:805 +msgid "dyndns_ttl (integer)" +msgstr "dyndns_ttl (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:148 sssd-ad.5.xml:808 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:153 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Default: 1200 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:165 sssd-ad.5.xml:819 +msgid "dyndns_iface (string)" +msgstr "dyndns_iface (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 sssd-ad.5.xml:822 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:175 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 +#, fuzzy +#| msgid "Default: Use the IP address of the IPA LDAP connection" +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "Per defecte: Utilitzar l'adreça IP de la connexió LDAP d'IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:185 sssd-ad.5.xml:833 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:191 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "ipa_enable_dns_sites (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160 +msgid "Enables DNS sites - location based service discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example.com" +"\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:217 sssd-ad.5.xml:839 +msgid "dyndns_refresh_interval (integer)" +msgstr "dyndns_refresh_interval (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:220 sssd-ad.5.xml:842 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:233 sssd-ad.5.xml:855 +msgid "dyndns_update_ptr (bool)" +msgstr "dyndns_update_ptr (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:236 sssd-ad.5.xml:858 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:247 +msgid "Default: False (disabled)" +msgstr "Per defecte: False (inhabilitat)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:253 sssd-ad.5.xml:869 +msgid "dyndns_force_tcp (bool)" +msgstr "dyndns_force_tcp (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:256 sssd-ad.5.xml:872 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:876 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 sssd-ad.5.xml:882 +#, fuzzy +#| msgid "dyndns_iface (string)" +msgid "dyndns_server (string)" +msgstr "dyndns_iface (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 sssd-ad.5.xml:885 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 sssd-ad.5.xml:890 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:895 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 sssd-ad.5.xml:900 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:290 +msgid "ipa_hbac_search_base (string)" +msgstr "ipa_hbac_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:293 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:297 +msgid "Default: Use base DN" +msgstr "Per defecte: Utilitza el DN base" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_host_search_base (string)" +msgstr "ipa_host_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 sssd-ipa.5.xml:329 sssd-ipa.5.xml:348 sssd-ipa.5.xml:367 +#: sssd-ipa.5.xml:386 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ipa.5.xml:315 sssd-ipa.5.xml:334 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "Per defecte: el valor de <emphasis>ldap_search_base</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:322 +msgid "ipa_selinux_search_base (string)" +msgstr "ipa_selinux_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:325 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:341 +msgid "ipa_subdomains_search_base (string)" +msgstr "ipa_subdomains_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:344 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:353 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:360 +msgid "ipa_master_domain_search_base (string)" +msgstr "ipa_master_domain_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:363 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:372 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:379 +msgid "ipa_views_search_base (string)" +msgstr "ipa_views_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:382 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:391 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:398 sssd-krb5.5.xml:254 +msgid "krb5_validate (boolean)" +msgstr "krb5_validate (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:401 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed." +msgstr "" +"Comproveu amb l'ajuda de krb5_keytab que la TGT obtinguda no ha sigut " +"suplantada." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:408 sssd-ad.5.xml:921 +msgid "" +"Note that this default differs from the traditional Kerberos provider back " +"end." +msgstr "" +"Tingueu en compte que aquesta opció per defecte difereix del tradicional " +"proveïdor Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:433 +msgid "" +"Specifies if the host and user principal should be canonicalized when " +"connecting to IPA LDAP and also for AS requests. This feature is available " +"with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 sssd-krb5.5.xml:416 +msgid "krb5_use_fast (string)" +msgstr "krb5_use_fast (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 sssd-krb5.5.xml:419 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:454 +msgid "<emphasis>never</emphasis> use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:457 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it. This is equivalent to not setting " +"this option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:463 sssd-krb5.5.xml:433 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:468 +msgid "Default: try" +msgstr "Per defecte: try" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 sssd-krb5.5.xml:444 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:480 sssd-ad.5.xml:928 +msgid "krb5_confd_path (string)" +msgstr "krb5_confd_path (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 sssd-ad.5.xml:931 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:487 sssd-ad.5.xml:935 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 sssd-ad.5.xml:939 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:498 +msgid "ipa_hbac_refresh (integer)" +msgstr "ipa_hbac_refresh (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:501 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355 +msgid "Default: 5 (seconds)" +msgstr "Per defecte: 5 (segons)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:514 +msgid "ipa_hbac_selinux (integer)" +msgstr "ipa_hbac_selinux (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:517 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:530 +msgid "ipa_server_mode (boolean)" +msgstr "ipa_server_mode (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:533 +msgid "This option should only be set by the IPA installer." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:537 +msgid "" +"The option denotes that the SSSD is running on IPA server and should perform " +"lookups of users and groups from trusted domains differently." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:548 +msgid "ipa_automount_location (string)" +msgstr "ipa_automount_location (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:551 +msgid "The automounter location this IPA client will be using" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:554 +msgid "Default: The location named \"default\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:562 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:571 +msgid "ipa_view_class (string)" +msgstr "ipa_view_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:577 +msgid "Default: nsContainer" +msgstr "Per defecte: nsContainer" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:583 +msgid "ipa_view_name (string)" +msgstr "ipa_view_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:586 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:596 +msgid "ipa_overide_object_class (string)" +msgstr "ipa_overide_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:599 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:602 +msgid "Default: ipaOverrideAnchor" +msgstr "Per defecte: ipaOverrideAnchor" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:608 +msgid "ipa_anchor_uuid (string)" +msgstr "ipa_anchor_uuid (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:611 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:615 +msgid "Default: ipaAnchorUUID" +msgstr "Per defecte: ipaAnchorUUID" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:621 +msgid "ipa_user_override_object_class (string)" +msgstr "ipa_user_override_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:624 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:632 +msgid "ldap_user_name" +msgstr "ldap_user_name" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:635 +msgid "ldap_user_uid_number" +msgstr "ldap_user_uid_number" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:638 +msgid "ldap_user_gid_number" +msgstr "ldap_user_gid_number" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:641 +msgid "ldap_user_gecos" +msgstr "ldap_user_gecos" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "ldap_user_home_directory" +msgstr "ldap_user_home_directory" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:647 +msgid "ldap_user_shell" +msgstr "ldap_user_shell" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:650 +msgid "ldap_user_ssh_public_key" +msgstr "ldap_user_ssh_public_key" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:655 +msgid "Default: ipaUserOverride" +msgstr "Per defecte: ipaUserOverride" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:661 +msgid "ipa_group_override_object_class (string)" +msgstr "ipa_group_override_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:664 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:669 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:672 +msgid "ldap_group_name" +msgstr "ldap_group_name" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:675 +msgid "ldap_group_gid_number" +msgstr "ldap_group_gid_number" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:680 +msgid "Default: ipaGroupOverride" +msgstr "Per defecte: ipaGroupOverride" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:564 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:690 +msgid "SUBDOMAINS PROVIDER" +msgstr "PROVEÏDOR DELS SUBDOMINIS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:692 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:696 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:702 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:719 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" +"En el següent exemple s'assumeix que l'SSD està configurat correctament i " +"que exemple.com és un dels dominis de la secció <replaceable>[sssd]</" +"replaceable>. En aquest exemple es mostren únicament les opcions " +"específiques del proveïdor IPA." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:726 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" +"[domini/exemple.com]\n" +"id_provider = ipa\n" +"ipa_server = servidoripa.exemple.com\n" +"ipa_hostname = elmeuanfitrio.exemple.com\n" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "sssd-ad" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "Proveïdor d'Active Directory de l'SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:41 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:45 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:51 +msgid "" +"The AD provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:63 +msgid "" +"However, it is neither necessary nor recommended to set these options. The " +"AD provider can also be used as an access, chpass, sudo and autofs provider. " +"No configuration of the access provider is required on the client side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:75 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" +"ldap_id_mapping = False\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " +"and groups using POSIX attributes from trusted domains, the AD administrator " +"must make sure that the POSIX attributes are replicated to the Global " +"Catalog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:82 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:97 +msgid "ad_domain (string)" +msgstr "ad_domain (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:100 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:105 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:110 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:117 +msgid "ad_server, ad_backup_server (string)" +msgstr "ad_server, ad_backup_server (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:120 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:127 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:132 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:140 +msgid "ad_hostname (string)" +msgstr "ad_hostname (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:143 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the Active Directory domain to identify this " +"host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:149 +msgid "" +"This field is used to determine the host principal in use in the keytab. It " +"must match the hostname for which the keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:157 +msgid "ad_enable_dns_sites (boolean)" +msgstr "ad_enable_dns_sites (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:164 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:180 +msgid "ad_access_filter (string)" +msgstr "ad_access_filter (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:191 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:199 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:207 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:212 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:223 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:233 sssd-ad.5.xml:247 +msgid "Default: Not set" +msgstr "Per defecte: Sense establir" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:239 +msgid "ad_site (string)" +msgstr "ad_site (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:253 +msgid "ad_enable_gc (boolean)" +msgstr "ad_enable_gc (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:256 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:264 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:278 +msgid "ad_gpo_access_control (string)" +msgstr "ad_gpo_access_control (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:281 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to a particular host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:296 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:309 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:313 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:319 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:325 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "Default: permissive" +msgstr "Per defecte: permissive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:339 +msgid "Default: enforcing" +msgstr "Per defecte: enforcing" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:345 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "ad_gpo_cache_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:348 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:361 +msgid "ad_gpo_map_interactive (string)" +msgstr "ad_gpo_map_interactive (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:364 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:370 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:384 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:388 sssd-ad.5.xml:479 sssd-ad.5.xml:525 sssd-ad.5.xml:570 +#: sssd-ad.5.xml:636 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:392 +msgid "login" +msgstr "login" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:397 +msgid "su" +msgstr "su" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:402 +msgid "su-l" +msgstr "su-l" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:407 +msgid "gdm-fingerprint" +msgstr "gdm-fingerprint" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:412 +msgid "gdm-password" +msgstr "gdm-password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:417 +msgid "gdm-smartcard" +msgstr "gdm-smartcard" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:422 +msgid "kdm" +msgstr "kdm" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:427 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:432 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:437 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:442 +#, fuzzy +#| msgid "kdm" +msgid "xdm" +msgstr "kdm" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:451 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "ad_gpo_map_remote_interactive (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:460 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:475 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:466 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:483 +msgid "sshd" +msgstr "sshd" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:488 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:497 +msgid "ad_gpo_map_network (string)" +msgstr "ad_gpo_map_network (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:500 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:506 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:521 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:512 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:529 +msgid "ftp" +msgstr "ftp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:534 +msgid "samba" +msgstr "samba" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:543 +msgid "ad_gpo_map_batch (string)" +msgstr "ad_gpo_map_batch (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:546 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:552 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:566 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:557 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:574 +msgid "crond" +msgstr "crond" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:583 +msgid "ad_gpo_map_service (string)" +msgstr "ad_gpo_map_service (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:586 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:605 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" +"ad_gpo_map_service = +my_pam_service\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:597 sssd-ad.5.xml:667 +msgid "" +"It is possible to add a PAM service name to the default set by using <quote>" +"+service_name</quote>. Since the default set is empty, it is not possible " +"to remove a PAM service name from the default set. For example, in order to " +"add a custom pam service name (e.g. <quote>my_pam_service</quote>), you " +"would use the following configuration: <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:615 +msgid "ad_gpo_map_permit (string)" +msgstr "ad_gpo_map_permit (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:618 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:632 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:623 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:640 +msgid "sudo" +msgstr "sudo" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:645 +msgid "sudo-i" +msgstr "sudo-i" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:650 +msgid "systemd-user" +msgstr "systemd-user" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:659 +msgid "ad_gpo_map_deny (string)" +msgstr "ad_gpo_map_deny (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:662 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:675 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" +"ad_gpo_map_deny = +my_pam_service\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:685 +msgid "ad_gpo_default_right (string)" +msgstr "ad_gpo_default_right (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:688 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:701 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:705 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:710 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:715 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:720 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:725 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:730 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:735 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:741 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:747 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:750 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:756 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 30 days" +msgstr "Per defecte: 300" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:762 +#, fuzzy +#| msgid "pam_account_expired_message (string)" +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "pam_account_expired_message (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:765 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expect 2 integers seperated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the inital timeout in seconds before the task is run for the first " +"time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +#, fuzzy +#| msgid "Default: 86400 (24 hours)" +msgid "Default: 86400:750 (24h and 15m)" +msgstr "Per defecte: 86400 (24 hores)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:783 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:813 +msgid "Default: 3600 (seconds)" +msgstr "Per defecte: 3600 (segons)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:829 +#, fuzzy +#| msgid "Default: Use the IP address of the IPA LDAP connection" +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "Per defecte: Utilitzar l'adreça IP de la connexió LDAP d'IPA" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:863 sss_rpcidmapd.5.xml:76 +msgid "Default: True" +msgstr "Per defecte: True" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:909 sssd-krb5.5.xml:505 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "krb5_use_enterprise_principal (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:912 sssd-krb5.5.xml:508 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:957 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:964 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" +"[domain/EXEMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.exemple.com\n" +"ad_hostname = client.exemple.com\n" +"ad_domain = exemple.com\n" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:984 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:980 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:990 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:998 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "sssd-sudo" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "sudoers: files sss\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXEMPLE\n" +"\n" +"[domain/EXEMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://exemple.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=exemple,dc=com\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:112 +msgid "" +"When the SSSD is configured to use IPA as the ID provider, the sudo provider " +"is automatically enabled. The sudo search base is configured to use the " +"compat tree (ou=sudoers,$DC)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:119 +msgid "The SUDO rule caching mechanism" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:121 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:129 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:135 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:143 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:159 +msgid "keyword ALL" +msgstr "paraula clau ALL" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:164 +msgid "wildcard" +msgstr "comodí" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:169 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:174 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:179 +msgid "one of the IP addresses of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:184 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:190 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "sssd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "" +"dimoni dels serveis de seguretat del sistema (System Security Services " +"Daemon)" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" +"L'<command>SSSD</command> proporciona un conjunt de dimonis per gestionar " +"l'accés als directoris remots i els mecanismes d'autenticació. Proporciona " +"una interfície NSS i PAM cap al sistema i un sistema d'accés a la capa de " +"dades amb connectors per connectar a orígens múltiples de comptes diferents, " +"com ara la interfície D-Bus. També és la base per proporcionar l'auditoria " +"dels clients i les polítiques dels serveis per a projectes com FreeIPA. " +"Proporciona una base de dades més robusta on emmagatzemar els usuaris " +"locals, així com dades addicionals de l'usuari." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>NIVELL</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" +"<emphasis>1</emphasis>: Afegeix una marca temporal als registres de depuració" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" +"<emphasis>0</emphasis>: Inhabilita la marca temporal als registres de " +"depuració" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" +"<emphasis>1</emphasis>: Afegeix els mil·lisegons a les marques temporals als " +"missatges de depuració" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" +"<emphasis>0</emphasis>: Inhabilita els mil·lisegons a les marques temporals" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>-f</option>,<option>--debug-to-files</option>" +msgstr "<option>-f</option>,<option>--debug-to-files</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "" +"Send the debug output to files instead of stderr. By default, the log files " +"are stored in <filename>/var/log/sssd</filename> and there are separate log " +"files for every SSSD service and domain." +msgstr "" +"Envia la sortida de depuració als fitxers en comptes de l'stderr. Per " +"defecte, els fitxers dels registres s'emmagatzemen a <filename>/var/log/" +"sssd</filename> i hi ha fitxers dels registres que se separen per a cadascun " +"dels serveis i dels dominis de l'SSSD." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:97 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "<option>-D</option>,<option>--daemon</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:101 +msgid "Become a daemon after starting up." +msgstr "Esdevé un dimoni després de la posada en marxa." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:107 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "<option>-i</option>,<option>--interactive</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:111 +msgid "Run in the foreground, don't become a daemon." +msgstr "Executa en primer pla, no esdevinguis un dimoni." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:117 sss_debuglevel.8.xml:42 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "<option>-c</option>,<option>--config</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:121 sss_debuglevel.8.xml:46 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Especifica un fitxer de configuració diferent al predeterminat. Per defecte " +"és <filename>/etc/sssd/sssd.conf</filename>. Per consultar la sintaxi del " +"fitxer de configuració i les opcions, aneu a la pàgina del manual del " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "<option>--version</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "Imprimeix el número de la versió i surt." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:147 +msgid "Signals" +msgstr "Senyals" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "SIGTERM/SIGINT" +msgstr "SIGTERM/SIGINT" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:153 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" +"Informa l'SSSD per finalitzar elegantment tots els seus processos fills i " +"després atura el monitor." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:159 +msgid "SIGHUP" +msgstr "SIGHUP" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:162 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" +"Diu a l'SSSD que deixi d'escriure als actuals descriptors de fitxers de " +"depuració i que els tanqui i els reobri. Això intenta facilitar la rotació " +"dels registres amb programes com logrotate." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:170 +msgid "SIGUSR1" +msgstr "SIGUSR1" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:173 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" +"Diu a l'SSSD que simuli l'operació sense connexió pel període del paràmetre " +"<quote>offline_timeout</quote>. Això és útil per fer proves. El senyal es " +"pot enviar directament al procés sssd o sssd_be." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:182 +msgid "SIGUSR2" +msgstr "SIGUSR2" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:185 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" +"Diu a l'SSSD que es desconnecti immediatament. Això és útil per fer proves. " +"El senyal es pot enviar directament al procés sssd o sssd_be." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:197 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in memory cache." +msgstr "" +"Si la variable d'entorn SSS_NSS_USE_MEMCACHE està establerta a \"NO\", les " +"aplicacions clients no utilitzaran el fast en la memòria cau." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "sss_obfuscate" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "ofusca una contrasenya en text clar" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>opcions</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" +"<command>sss_obfuscate</command> converteix una contrasenya especificada a " +"un format illegible per als humans i la posa a la secció del domini adequat " +"del fitxer de configuració de l'SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" +"La contrasenya en text clar es llegeix de l'entrada estàndard o s'introdueix " +"de forma interactiva. La contrasenya ofuscada es fica al paràmetre " +"<quote>ldap_default_authtok</quote> del domini SSSD indicat, i el paràmetre " +"<quote>ldap_default_authtok_type</quote> s'estableix a " +"<quote>obfuscated_password</quote>. Consulteu <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> per a més detalls sobre aquests paràmetres." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" +"Tingueu en compte que ofuscar les contrasenyes <emphasis>no proporciona cap " +"benefici real de seguretat</emphasis>, ja que un atacant encara podria " +"extreure la contrasenya amb enginyeria inversa. Es recomana " +"<emphasis>aferrissadament</emphasis> l'ús de mecanismes d'autenticació " +"millors com els certificats al cantó del client o el GSSAPI." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "<option>-s</option>,<option>--stdin</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "La contrasenya per ofuscar es llegirà de l'entrada estàndard." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMINI</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" +"El domini SSSD on s'utilitza la contrasenya. El nom per defecte és " +"<quote>default</quote>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" +"<option>-f</option>,<option>--file</option> <replaceable>FITXER</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" +"Llegeix el fitxer de configuració que s'especifica amb el paràmetre " +"posicional." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "Per defecte: <filename>/etc/sssd/sssd.conf</filename>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +#, fuzzy +#| msgid "sss_userdel" +msgid "sss_override" +msgstr "sss_userdel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +#, fuzzy +#| msgid "" +#| "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +#| "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#| "arg>" +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>opcions</" +"replaceable> </arg> <arg choice='plain'><replaceable>USUARI</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:50 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:52 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:59 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:70 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:78 +#, fuzzy +#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" +"<option>--delattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:83 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:92 +#, fuzzy +#| msgid "" +#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +#| "replaceable>" +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMINI</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:97 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:105 +#, fuzzy +#| msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" +"<option>--setattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:110 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:116 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:121 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:126 +msgid "original_name:name:uid:gid:gecos:home:shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:138 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:141 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:147 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:152 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:160 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:167 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:175 +#, fuzzy +#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" +"<option>--delattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:180 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:189 +#, fuzzy +#| msgid "" +#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +#| "replaceable>" +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMINI</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:194 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:202 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:207 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:213 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:218 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:223 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:235 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:238 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:244 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:249 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:259 +#, fuzzy +#| msgid "SUDO OPTIONS" +msgid "COMMON OPTIONS" +msgstr "OPCIONS DE SUDO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:261 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:266 +#, fuzzy +#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" +"<option>--delattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_useradd.8.xml:10 sss_useradd.8.xml:15 +msgid "sss_useradd" +msgstr "sss_useradd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_useradd.8.xml:16 +msgid "create a new user" +msgstr "crea un nou usuari" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_useradd.8.xml:21 +msgid "" +"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" +"<command>sss_useradd</command> <arg choice='opt'> <replaceable>OPCIONS</" +"replaceable></arg> <arg choice='plain'> <replaceable>USUARI</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_useradd.8.xml:32 +msgid "" +"<command>sss_useradd</command> creates a new user account using the values " +"specified on the command line plus the default values from the system." +msgstr "" +"<command>sss_useradd</command> crea un nou compte d'usuari amb els valors " +"que s'especifiquen en la línia d'ordres més els valors per defecte del " +"sistema." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:43 sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:48 +msgid "" +"Set the UID of the user to the value of <replaceable>UID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" +"Estableix l'UID de l'usuari al valor de l'<replaceable>UID</replaceable>. Si " +"no se'n proporciona cap, es tria automàticament." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENTARI</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" +"Qualsevol cadena de text amb la descripció de l'usuari. Sovint s'utilitza " +"com a camp per al nom complet de l'usuari." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" +"<option>-h</option>,<option>--home</option> <replaceable>DIRECTORI_INICIAL</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:72 +msgid "" +"The home directory of the user account. The default is to append the " +"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " +"that as the home directory. The base that is prepended before " +"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" +"baseDirectory</quote> setting in sssd.conf." +msgstr "" +"El directori inicial del compte de l'usuari. Per defecte s'afegeix " +"l'<replaceable>USUARI</replaceable> a <filename>/home</filename> i " +"s'utilitza aquest com el directori inicial. La base que s'afegeix abans de " +"l'<replaceable>USUARI</replaceable> es pot personalitzar amb l'ajust " +"<quote>user_defaults/baseDirectory</quote> a l'sssd.conf." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:87 +msgid "" +"The user's login shell. The default is currently <filename>/bin/bash</" +"filename>. The default can be changed with <quote>user_defaults/" +"defaultShell</quote> setting in sssd.conf." +msgstr "" +"El shell d'inici de sessió de l'usuari. Per defecte és <filename>/bin/bash</" +"filename>. Es pot canviar el valor per defecte amb l'ajust " +"<quote>user_defaults/defaultShell</quote> de l'sssd.conf." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:96 +msgid "" +"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" +"<option>-G</option>,<option>--groups</option> <replaceable>GRUPS</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:101 +msgid "A list of existing groups this user is also a member of." +msgstr "Una llista dels grups existents que aquest usuari també n'és membre." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:107 +msgid "<option>-m</option>,<option>--create-home</option>" +msgstr "<option>-m</option>,<option>--create-home</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:111 +msgid "" +"Create the user's home directory if it does not exist. The files and " +"directories contained in the skeleton directory (which can be defined with " +"the -k option or in the config file) will be copied to the home directory." +msgstr "" +"Crea el directori inicial de l'usuari si no existeix. Al directori inicial " +"es copiaran els fitxers i els directoris continguts al directori esquemàtic " +"(que es pot definir amb l'opció -k o al fitxer de configuració)." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:121 +msgid "<option>-M</option>,<option>--no-create-home</option>" +msgstr "<option>-M</option>,<option>--no-create-home</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:125 +msgid "" +"Do not create the user's home directory. Overrides configuration settings." +msgstr "" +"No crea el directori inicial de l'usuari. Substitueix els ajusts de la " +"configuració." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:132 +msgid "" +"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +"replaceable>" +msgstr "" +"<option>-k</option>,<option>--skel</option> " +"<replaceable>DIRECTORI_ESQUEMÀTIC</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:137 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<command>sss_useradd</command>." +msgstr "" +"El directori esquemàtic que conté els fitxers i els directoris per copiar al " +"directori inicial de l'usuari, quan es crea el directori inicial amb " +"<command>sss_useradd</command>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:143 +msgid "" +"Special files (block devices, character devices, named pipes and unix " +"sockets) will not be copied." +msgstr "" +"No es copiaran els fitxers especials (dispositius de blocs, dispositius de " +"caràcters, canonades amb noms i sòcols d'UNIX)." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:147 +msgid "" +"This option is only valid if the <option>-m</option> (or <option>--create-" +"home</option>) option is specified, or creation of home directories is set " +"to TRUE in the configuration." +msgstr "" +"Aquesta opció tan sols és vàlida si s'especifica l'opció <option>-m</option> " +"(o <option>--create-home</option>), o bé la creació dels directoris inicials " +"està establerta a TRUE a la configuració." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:156 sss_usermod.8.xml:124 +msgid "" +"<option>-Z</option>,<option>--selinux-user</option> " +"<replaceable>SELINUX_USER</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:161 +msgid "" +"The SELinux user for the user's login. If not specified, the system default " +"will be used." +msgstr "" +"L'usuari de SELinux per a l'inici de sessió de l'usuari. Si no s'especifica, " +"s'utilitzarà el predeterminat del sistema." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "sssd-krb5" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>.k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "krb5_kpasswd, krb5_backup_kpasswd (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "Per defecte: Utilitza el KDC" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "krb5_ccachedir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "Per defecte: /tmp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "krb5_ccname_template (cadena)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "%u" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "nom d'usuari" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "%U" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "UID de l'usuari" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "%p" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "%r" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "nom real" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 +msgid "%h" +msgstr "%h" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108 +msgid "home directory" +msgstr "directori inicial" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:27 +msgid "%P" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:45 +msgid "%%" +msgstr "%%" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:46 +msgid "a literal '%'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "Per defecte: (del libkrb5)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_auth_timeout (integer)" +msgstr "krb5_auth_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:257 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:272 +msgid "krb5_keytab (string)" +msgstr "krb5_keytab (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:275 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:279 +msgid "Default: /etc/krb5.keytab" +msgstr "Per defecte: /etc/krb5.keytab" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:285 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "krb5_store_password_if_offline (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:288 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:293 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:306 +msgid "krb5_renewable_lifetime (string)" +msgstr "krb5_renewable_lifetime (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:309 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "<emphasis>s</emphasis> per segons" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:351 sssd-krb5.5.xml:388 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "<emphasis>m</emphasis> per minuts" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:320 sssd-krb5.5.xml:354 sssd-krb5.5.xml:391 +msgid "<emphasis>h</emphasis> for hours" +msgstr "<emphasis>h</emphasis> per hores" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:323 sssd-krb5.5.xml:357 sssd-krb5.5.xml:394 +msgid "<emphasis>d</emphasis> for days." +msgstr "<emphasis>d</emphasis> per dies." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:326 sssd-krb5.5.xml:397 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:330 sssd-krb5.5.xml:401 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:335 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:341 +msgid "krb5_lifetime (string)" +msgstr "krb5_lifetime (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:344 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:360 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:364 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:369 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:376 +msgid "krb5_renew_interval (string)" +msgstr "krb5_renew_interval (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:379 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:406 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:424 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:428 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:438 +msgid "Default: not set, i.e. FAST is not used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "NOTE: a keytab is required to use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:453 +msgid "krb5_fast_principal (string)" +msgstr "krb5_fast_principal (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:456 +msgid "Specifies the server principal to use for FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:465 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:514 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:520 +msgid "krb5_map_user (string)" +msgstr "krb5_map_user (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:523 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:535 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:540 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:566 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:574 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXEMPLE.COM\n" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 +msgid "sss_groupadd" +msgstr "sss_groupadd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupadd.8.xml:16 +msgid "create a new group" +msgstr "crea un nou grup" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupadd.8.xml:21 +msgid "" +"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>opcions</" +"replaceable> </arg> <arg choice='plain'><replaceable>GRUP</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupadd.8.xml:32 +msgid "" +"<command>sss_groupadd</command> creates a new group. These groups are " +"compatible with POSIX groups, with the additional feature that they can " +"contain other groups as members." +msgstr "" +"<command>sss_groupadd</command> crea un nou grup. Aquests grups són " +"compatibles amb els grups POSIX, amb la característica addicional que poden " +"contenir altres grups com a membres." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupadd.8.xml:43 sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupadd.8.xml:48 +msgid "" +"Set the GID of the group to the value of <replaceable>GID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" +"Estableix el GID del grup al valor del <replaceable>GID</replaceable>. Si no " +"se'n proporciona cap, es tria automàticament." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_userdel.8.xml:10 sss_userdel.8.xml:15 +msgid "sss_userdel" +msgstr "sss_userdel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_userdel.8.xml:16 +msgid "delete a user account" +msgstr "suprimeix el compte d'un usuari" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_userdel.8.xml:21 +msgid "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>opcions</" +"replaceable> </arg> <arg choice='plain'><replaceable>USUARI</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_userdel.8.xml:32 +msgid "" +"<command>sss_userdel</command> deletes a user identified by login name " +"<replaceable>LOGIN</replaceable> from the system." +msgstr "" +"<command>sss_userdel</command> suprimeix un usuari identificat amb el nom " +"d'usuari <replaceable>USUARI</replaceable> del sistema." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:44 +msgid "<option>-r</option>,<option>--remove</option>" +msgstr "<option>-r</option>,<option>--remove</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:48 +msgid "" +"Files in the user's home directory will be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" +"Els fitxers al directori inicial de l'usuari seran eliminats juntament amb " +"el mateix directori inicial i la gestió de cues del correu de l'usuari. " +"Substitueix la configuració." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:56 +msgid "<option>-R</option>,<option>--no-remove</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:60 +msgid "" +"Files in the user's home directory will NOT be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" +"Els fitxers al directori inicial de l'usuari no seran eliminats juntament " +"amb el mateix directori inicial i la gestió de cues del correu de l'usuari. " +"Substitueix la configuració." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:68 +msgid "<option>-f</option>,<option>--force</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:72 +msgid "" +"This option forces <command>sss_userdel</command> to remove the user's home " +"directory and mail spool, even if they are not owned by the specified user." +msgstr "" +"Aquesta opció obliga a <command>sss_userdel</command> a suprimir el " +"directori inicial i la gestió de cues del correu de l'usuari, encara que no " +"siguin de la propietat de l'usuari especificat." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:80 +msgid "<option>-k</option>,<option>--kick</option>" +msgstr "<option>-k</option>,<option>--kick</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:84 +msgid "Before actually deleting the user, terminate all his processes." +msgstr "Abans d'eliminar realment a l'usuari, acaba tots els seus processos." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 +msgid "sss_groupdel" +msgstr "sss_groupdel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupdel.8.xml:16 +msgid "delete a group" +msgstr "suprimeix un grup" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupdel.8.xml:21 +msgid "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>opcions</" +"replaceable> </arg> <arg choice='plain'><replaceable>GRUP</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupdel.8.xml:32 +msgid "" +"<command>sss_groupdel</command> deletes a group identified by its name " +"<replaceable>GROUP</replaceable> from the system." +msgstr "" +"<command>sss_groupdel</command> suprimeix un grup identificat amb el seu nom " +"de <replaceable>GRUP</replaceable> del sistema." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 +msgid "sss_groupshow" +msgstr "sss_groupshow" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupshow.8.xml:16 +msgid "print properties of a group" +msgstr "imprimeix les propietats d'un grup" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupshow.8.xml:21 +msgid "" +"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>opcions</" +"replaceable> </arg> <arg choice='plain'><replaceable>GRUP</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupshow.8.xml:32 +msgid "" +"<command>sss_groupshow</command> displays information about a group " +"identified by its name <replaceable>GROUP</replaceable>. The information " +"includes the group ID number, members of the group and the parent group." +msgstr "" +"<command>sss_groupshow</command> mostra la informació sobre un grup " +"identificat amb el seu nom de <replaceable>GRUP</replaceable>. La informació " +"inclou el número de l'id. del grup, els membres del grup i el grup primari." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupshow.8.xml:43 +msgid "<option>-R</option>,<option>--recursive</option>" +msgstr "<option>-R</option>,<option>--recursive</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupshow.8.xml:47 +msgid "" +"Also print indirect group members in a tree-like hierarchy. Note that this " +"also affects printing parent groups - without <option>R</option>, only the " +"direct parent will be printed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_usermod.8.xml:10 sss_usermod.8.xml:15 +msgid "sss_usermod" +msgstr "sss_usermod" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_usermod.8.xml:16 +msgid "modify a user account" +msgstr "modifica el compte d'un usuari" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_usermod.8.xml:21 +msgid "" +"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" +"<command>sss_usermod</command> <arg choice='opt'> <replaceable>OPCIONS</" +"replaceable></arg> <arg choice='plain'> <replaceable>USUARI</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_usermod.8.xml:32 +msgid "" +"<command>sss_usermod</command> modifies the account specified by " +"<replaceable>LOGIN</replaceable> to reflect the changes that are specified " +"on the command line." +msgstr "" +"<command>sss_usermod</command> modifica el compte especificat amb " +"<replaceable>USUARI</replaceable> per reflectir els canvis que " +"s'especifiquen a la línia d'ordres." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:60 +msgid "The home directory of the user account." +msgstr "El directori inicial del compte de l'usuari." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:71 +msgid "The user's login shell." +msgstr "El shell d'inici de sessió de l'usuari." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:82 +msgid "" +"Append this user to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" +"Annexa aquest usuari als grups que s'especifiquen amb el paràmetre dels " +"<replaceable>GRUPS</replaceable>. El paràmetre dels <replaceable>GRUPS</" +"replaceable> és una llista delimitada per comes dels noms dels grups." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:96 +msgid "" +"Remove this user from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:103 +msgid "<option>-l</option>,<option>--lock</option>" +msgstr "<option>-l</option>,<option>--lock</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:107 +msgid "Lock the user account. The user won't be able to log in." +msgstr "Bloqueja el compte de l'usuari. L'usuari no podrà iniciar la sessió." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:114 +msgid "<option>-u</option>,<option>--unlock</option>" +msgstr "<option>-u</option>,<option>--unlock</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:118 +msgid "Unlock the user account." +msgstr "Desbloqueja el compte de l'usuari." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:129 +msgid "The SELinux user for the user's login." +msgstr "L'usuari de SELinux per a l'inici de sessió de l'usuari." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:135 +msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" +"<option>--addattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:140 +msgid "Add an attribute/value pair. The format is attrname=value." +msgstr "Afegeix una parella atribut/valor. El format és nomatribut=valor." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:147 +msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" +"<option>--setattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:152 +msgid "" +"Set an attribute to a name/value pair. The format is attrname=value. For " +"multi-valued attributes, the command replaces the values already present" +msgstr "" +"Estableix un atribut a la parella nom/valor. El format és nomatribut=valor. " +"Per als atributs amb múltiples valors, l'ordre substitueix els valors ja " +"presents" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:160 +msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" +"<option>--delattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:165 +msgid "Delete an attribute/value pair. The format is attrname=value." +msgstr "Elimina una parella atribut/valor. El format és nomatribut=valor." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "sss_cache" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "fa neteja de la memòria cau" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>opcions</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online." +msgstr "" +"<command>sss_cache</command> invalida els registres a la memòria cau de " +"l'SSSD. Els registres invalidats es veuen obligats a recarregar-se des del " +"servidor tan aviat com la capa d'accés de dades implicada de l'SSSD estigui " +"en línia." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:42 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "<option>-E</option>,<option>--everything</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:46 +msgid "Invalidate all cached entries except for sudo rules." +msgstr "" +"Invalida totes les entrades de la memòria cau amb l'excepció de les regles " +"sudo." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:52 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" +"<option>-u</option>,<option>--user</option> <replaceable>usuari</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:57 +msgid "Invalidate specific user." +msgstr "Invalida un usuari específic." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:63 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "<option>-U</option>,<option>--users</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:67 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" +"Invalida tots els registres dels usuaris. Aquesta opció anul·la la " +"invalidació d'un usuari específic, si també es va especificar." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:74 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" +"<option>-g</option>,<option>--group</option> <replaceable>grup</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:79 +msgid "Invalidate specific group." +msgstr "Invalida un grup específic." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:85 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "<option>-G</option>,<option>--groups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:89 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" +"Invalida tots els registres dels grups. Aquesta opció anul·la la invalidació " +"d'un grup específic, si també es va especificar." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:96 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>grup-de-xarxa</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:101 +msgid "Invalidate specific netgroup." +msgstr "invalida un grup de xarxa específic." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:107 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "<option>-N</option>,<option>--netgroups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:111 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" +"Invalida tots els registres dels grups de xarxa. Aquesta opció anul·la la " +"invalidació d'un grup de xarxa específic, si també es va especificar." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:118 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" +"<option>-s</option>,<option>--service</option> <replaceable>servei</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:123 +msgid "Invalidate specific service." +msgstr "invalida un servei específic." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:129 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "<option>-S</option>,<option>--services</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:133 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" +"Invalida tots els registres dels serveis. Aquesta opció anul·la la " +"invalidació d'un servei específic, si també es va especificar." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:140 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>assignació-" +"autofs</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:145 +msgid "Invalidate specific autofs maps." +msgstr "Invalida una assignació autofs específica." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:151 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "<option>-A</option>,<option>--autofs-maps</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:155 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" +"Invalida tots els registres de les assignacions autofs. Aquesta opció " +"anul·la la invalidació d'una assignació autofs específica, si també es va " +"especificar." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:162 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>nom-amfitrió</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:167 +msgid "Invalidate SSH public keys of a specific host." +msgstr "Invalida les claus públiques SSH d'un amfitrió especific." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:173 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "<option>-H</option>,<option>--ssh-hosts</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:177 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" +"Invalida tots els registres de les claus públiques SSH de tots els " +"amfitrions. Aquesta opció anul·la la invalidació d'una clau pública SSH d'un " +"amfitrió específic, si també es va especificar." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:185 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>domini</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:190 +msgid "Restrict invalidation process only to a particular domain." +msgstr "Restringeix el procés d'invalidació a tan sols un domini concret." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "sss_debuglevel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "change debug level while SSSD is running" +msgstr "canvia el nivell de depuració mentre s'està executant l'SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>opcions</" +"replaceable> </arg> <arg " +"choice='plain'><replaceable>NOU_NIVELL_DE_DEPURACIÓ</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> changes debug level of SSSD monitor and " +"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " +"running." +msgstr "" +"<command>sss_debuglevel</command> canvia el nivell de depuració del monitor " +"i dels proveïdors de l'SSSD monitor al <replaceable>NOU_NIVELL_DE_DEPURACIÓ</" +"replaceable> mentre s'està executant l'SSSD." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_debuglevel.8.xml:59 +msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" +msgstr "<replaceable>NOU_NIVELL_DE_DEPURACIÓ</replaceable>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "sss_seed" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "implanta la memòria cau de l'SSSD amb un usuari" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>opcions</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMINI</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USUARI</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" +"<command>sss_seed</command> implanta la memòria cau de l'SSSD amb una " +"entrada d'un usuari i la contrasenya temporal. Si l'entrada d'un usuari ja " +"està present a la memòria cau de l'SSSD aleshores s'actualitza l'entrada amb " +"la contrasenya temporal." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMINI</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" +"Proporciona el nom del domini en el qual l'usuari n'és membre. El domini " +"també s'utilitza per recuperar la informació de l'usuari. El domini ha " +"d'estar configurat a l'sssd.conf. S'ha de proporcionar l'opció del " +"<replaceable>DOMINI</replaceable>. La informació recuperada del domini " +"anul·la aquella que es proporcioni a les opcions." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" +"L'entrada del nom d'usuari a crear o modificar a la memòria cau. S'ha de " +"proporcionar l'opció de l'<replaceable>USUARI</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "Estableix l'UID de l'usuari a <replaceable>UID</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "Estableix el GID de l'usuari a <replaceable>GID</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" +"Establix el directori inicial de l'usuari a <replaceable>DIRECTORI_INICIAL</" +"replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" +"Estableix el shell d'inici de sessió de l'usuari a <replaceable>SHELL</" +"replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" +"Mode interactiu per a la introducció de la informació de l'usuari. Aquesta " +"opció només demanà la informació no proporcionada a les opcions o que no es " +"recuperi del domini." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" +"<option>-p</option>,<option>--password-file</option> " +"<replaceable>FITXER_CONTRASENYA</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" +"Especifica el fitxer des d'on llegir la contrasenya de l'usuari. (si no " +"s'especifica, es demana per la contrasenya)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" +"La longitud de la contrasenya (o la mida del fitxer que s'especifica amb " +"l'opció -p o --password-file) ha de ser més petita o igual que PASS_MAX " +"bytes (64 bytes en els sistemes que no defineixen globalment el valor de " +"PASS_MAX)." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "sssd-ifp" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "contestador de l'InfoPipe de l'SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"En aquesta pàgina del manual es descriu la configuració del contestador de " +"l'InfoPipe per a <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. Per a una referència detallada de " +"la sintaxi, consulteu la secció <quote>FORMAT DEL FITXER</quote> de la " +"pàgina del manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" +"El contestador de l'InfoPipe proporciona una interfície D-Bus publica que es " +"pot accedir a través del bus del sistema. La interfície permet que l'usuari " +"consulti informació sobre els usuaris i els grups remots a través del bus " +"del sistema." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:46 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" +"Es poden utilitzar aquestes opcions per configurar el contestador de " +"l'InfoPipe." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:53 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" +"Especifica una llista separada per comes dels valors dels UID o dels noms " +"d'usuaris que estan assignats per accedir al contestador de l'InfoPipe. Els " +"noms d'usuaris es resolen als UID en la preparació." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:59 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" +"Per defecte: 0 (únicament a l'usuari root se li permet l'accés al " +"contestador de l'InfoPipe)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:63 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" +"Tingueu en compte que encara que s'utilitzi l'UID 0 com a valor per defecte " +"se sobreescriurà amb aquesta opció. Si encara voleu permetre que l'usuari " +"root accedeixi al contestador de l'InfoPipe, el que seria el cas típic, " +"també cal afegir 0 a la llista dels UID permesos." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:77 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" +"Especifica una llista separada per comes dels atributs de la llista negra o " +"blanca." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:91 +msgid "name" +msgstr "name" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:92 +msgid "user's login name" +msgstr "nom d'inici de sessió de l'usuari" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:95 +msgid "uidNumber" +msgstr "uidNumber" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:96 +msgid "user ID" +msgstr "id. de l'usuari" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:99 +msgid "gidNumber" +msgstr "gidNumber" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:100 +msgid "primary group ID" +msgstr "id. del grup primari" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:103 +msgid "gecos" +msgstr "gecos" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:104 +msgid "user information, typically full name" +msgstr "informació de l'usuari, normalment el nom complet " + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "homeDirectory" +msgstr "homeDirectory" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "loginShell" +msgstr "loginShell" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user shell" +msgstr "shell de l'usuari" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:81 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"Per defecte, el contestador de l'InfoPipe únicament permet que se " +"sol·licitin el conjunt per defecte dels atributs POSIX. Aquest conjunt és el " +"mateix que es retorna amb <citerefentry> <refentrytitle>getpwnam</" +"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> i inclou: " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:125 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:117 +msgid "" +"It is possible to add another attribute to this set by using <quote>" +"+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Es poden afegir altres atributs a aquest conjunt amb <quote>+nom_atribut</" +"quote> o suprimir explícitament un atribut amb <quote>-nom_atribut</quote>. " +"Per exemple, per permetre <quote>telephoneNumber</quote> però denegar " +"<quote>loginShell</quote>, podríeu utilitzar la següent configuració: " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:129 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" +"Per defecte: sense establir. Únicament es permet el conjunt per defecte dels " +"atributs POSIX." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:139 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:144 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Desenvolupador (2013-2014)</contrib> " +"</author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Desenvolupador (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "sss_rpcidmapd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "les directrius de configuració del complement sss per al rpc.idmapd" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "FITXER DE CONFIGURACIÓ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" +"El fitxer de configuració rpc.idmapd normalment es troba a <emphasis>/etc/" +"idmapd.conf</emphasis>. Vegeu <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> per més informació." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "AMPLIACIÓ DE LA CONFIGURACIÓ DE L'SSS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "Habilita el complement SSS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" +"En la secció <quote>[Translation]</quote>, modifiqueu o establiu l'atribut " +"<quote>Method</quote> per abastar <emphasis>sss</emphasis>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "Secció de configuració [sss]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" +"Per canviar el valor per defecte d'un dels atributs de configuració del " +"connector de l'<emphasis>sss</emphasis> que es llisten a continuació, " +"necessitareu crear-li una secció de configuració, anomenada <quote>[sss]</" +"quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "Atributs de configuració" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "memcache (booleà)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "Indica si s'utilitza o no la tècnica d'optimització de la memòria cau." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "INTEGRACIÓ DE L'SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" +"El connector sss requereix que s'habiliti el <emphasis>contestador del NSS</" +"emphasis> al sssd." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" +"L'atribut <quote>use_fully_qualified_names</quote> ha d'estar habilitat en " +"tots els dominis (els clients de NFSv4 esperen un FQN per a ser enviats al " +"cable)." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" +"[General]\n" +"Verbosity = 2\n" +"# el domini ha de sincronitzar-se entre el servidor i els clients del NFSv4\n" +"# Solaris/Illumos/AIX utilitzen \"localdomain\" com a predeterminat!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"En el següent exemple es mostra un idmapd.conf mínim que fa ús del connector " +"sss. <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "VEGEU TAMBÉ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "sss_ssh_authorizedkeys" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "1" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "obté les claus autoritzades de l'OpenSSH" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>opcions</replaceable> </arg> <arg " +"choice='plain'><replaceable>USUARI</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" +"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:58 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:51 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:70 +#, no-wrap +msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" +msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:63 +msgid "" +"If <quote>PubkeyAgent</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by using the following directive " +"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:85 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92 +msgid "EXIT STATUS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "sss_ssh_knownhostsproxy" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "obté les claus de l'amfitrió de l'OpenSSH" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and estabilishes connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "Configuració" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "El nom del domini" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "El protocol" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "Vegeu també" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 10,001 and going up to " +"2,000,100,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "ldap_idmap_range_min (enter)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:127 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191 +msgid "Default: 200000" +msgstr "Per defecte: 200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:142 +msgid "ldap_idmap_range_max (integer)" +msgstr "ldap_idmap_range_max (enter)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:145 +msgid "" +"Specifies the upper bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:149 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:159 +msgid "Default: 2000200000" +msgstr "Per defecte: 2000200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:164 +msgid "ldap_idmap_range_size (integer)" +msgstr "ldap_idmap_range_size (enter)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:167 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:186 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:196 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "ldap_idmap_default_domain_sid (cadena)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:199 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:210 +msgid "ldap_idmap_default_domain (string)" +msgstr "ldap_idmap_default_domain (cadena)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:213 +msgid "Specify the name of the default domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:221 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "ldap_idmap_autorid_compat (booleà)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:224 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:229 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monatomically with each additional domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:234 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:249 +#, fuzzy +#| msgid "ldap_idmap_range_size (integer)" +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "ldap_idmap_range_size (enter)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:252 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:256 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:273 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:275 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:284 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:285 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:286 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:287 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:288 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:289 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:291 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:295 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT " +"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain " +"names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "Mostra el missatge d'ajuda i surt." + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "<option>-h</option>,<option>--help</option>" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" +"L'SSSD admet dues representacions per a l'especificació del nivell de " +"depuració. La més senzilla és especificar un número del 0-9, que representa " +"el que permet cada nivell i tots els missatges de depuració de nivell baix. " +"L'opció més exhaustiva és especificar una màscara de bits en hexadecimal per " +"activar o desactivar els nivells específics (per exemple, si voleu suprimir " +"un nivell)." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" +"Si us plau, tingueu en compte que cadascun dels serveis de l'SSSD registra " +"el seu fitxer propi de registre. També tingueu en compte que l'habilitació " +"del <quote>debug_level</quote> a la secció <quote>[sssd]</quote>únicament " +"habilita la depuració del mateix procés de l'sssd, no per al procés del " +"contestador o del proveïdor. El paràmetre <quote>debug_level</quote> s'ha " +"d'afegir en totes les seccions que vulgueu que generin registres." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" +"A més de canviar el nivell del registre al fitxer de configuració amb el " +"paràmetre <quote>debug_level</quote>, que és permanent, però requereix que " +"es reiniciï l'SSSD, també és possible canviar el nivell de depuració al vol " +"amb l'eina <citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 +msgid "Currently supported debug levels:" +msgstr "Els nivells de depuració que s'admeten actualment:" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fallides fatals. " +"Qualsevol cosa que impedeixi la posada en marxa de l'SSSD o provoqui el seu " +"cessament." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill the SSSD, but one that indicates that at least one " +"major feature is not going to work properly." +msgstr "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Fallides crítiques. Un " +"error que no mata a l'SSSD, però un que indica que almenys hi ha una " +"característica important que no funcionarà correctament." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Fallides serioses. Un " +"error que anuncia que una petició o una operació en particular ha fallat." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Fallides menors. " +"Aquests són els errors que enterboleixen i poden fer fracassar l'operació " +"dels 2." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Ajusts de la " +"configuració." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" +"<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Dades de les funcions." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Missatges de traça per " +"al funcionament de les funcions." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Missatges de traça per " +"a les funcions internes de control." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contingut de les " +"variables de les funcions internes que poden ser interessants." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Informació de traçat " +"extremadament de baix nivell." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" +"Per registrar els nivells de depuració de la màscara de bits que es " +"requereixi, només heu d'afegir els seus números com es mostra en els " +"següents exemples:" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:85 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" +"<emphasis>Exemple</emphasis>: Per registrar les fallides fatals, les " +"fallides crítiques, les fallides serioses i les dades de les funcions, " +"utilitzeu0x0270." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:89 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" +"<emphasis>Exemple</emphasis>: Per registrar les fallides fatals, els ajusts " +"de la configuració, les dades de les funcions, els missatges de traça per a " +"les funcions internes de control, utilitzeu 0x1310." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:94 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" +"<emphasis>Nota</emphasis>: El format de la màscara de bits dels nivells de " +"depuració es va introduir en la versió 1.7.0." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:98 +msgid "<emphasis>Default</emphasis>: 0" +msgstr "<emphasis>Per defecte</emphasis>: 0" + +#. type: Content of: outside any tag (error?) +#: include/experimental.xml:1 +msgid "" +"<emphasis> This is an experimental feature, please use http://fedorahosted." +"org/sssd to report any issues. </emphasis>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "EL DOMINI LOCAL" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" +"Per a un funcionament correcte, s'ha de crear un domini amb " +"<quote>id_provider=local</quote> i l'SSSD ha d'estar en execució." + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" +"L'administrador pot ser que vulgui utilitzar els usuaris locals de l'SSSD en " +"lloc dels usuaris tradicionals d'UNIX en els casos en què es requereixi la " +"imbricació dels grups (vegeu <citerefentry> <refentrytitle>sss_groupadd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>). Els usuaris locals " +"també són útils per provar i desplegar l'SSSD sense haver de desplegar tot " +"un servidor remot. Les eines <command>sss_user*</command> i " +"<command>sss_group*</command> utilitzen l'emmagatzematge LDB local per " +"emmagatzemar els usuaris i els grups." + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " +"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " +"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "override_homedir (cadena)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:31 +msgid "%o" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:33 +msgid "The original home directory retrieved from the identity provider." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:38 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:40 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:52 +msgid "This option can also be set per-domain." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:57 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:61 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "homedir_substring (cadena)" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "Per defecte: /home" + +#~ msgid "Default: ou" +#~ msgstr "Per defecte: ou" --- sssd-1.13.4.orig/src/man/po/cs.po +++ sssd-1.13.4/src/man/po/cs.po @@ -0,0 +1,11325 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# sgallagh <sgallagh@redhat.com>, 2011 +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 1.12.90\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2016-04-13 16:30+0200\n" +"PO-Revision-Date: 2014-06-04 02:04-0400\n" +"Last-Translator: jhrozek <jhrozek@redhat.com>\n" +"Language-Team: Czech (http://www.transifex.com/projects/p/sssd/language/" +"cs/)\n" +"Language: cs\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n" +"X-Generator: Zanata 3.8.3\n" + +#. type: Content of: <reference><title> +#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 +#: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 +#: sss_override.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5 +#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 +#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5 +#: sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 +msgid "SSSD Manual pages" +msgstr "Manuálové stránky SSSD" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 +msgid "sss_groupmod" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11 +#: sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupmod.8.xml:16 +msgid "modify a group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupmod.8.xml:21 +msgid "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 +#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 +#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 +#: sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 +#: sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 +#: sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21 +#: sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31 +msgid "DESCRIPTION" +msgstr "POPIS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupmod.8.xml:32 +msgid "" +"<command>sss_groupmod</command> modifies the group to reflect the changes " +"that are specified on the command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 +#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 +#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 +#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "VOLBY" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 +msgid "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:48 +msgid "" +"Append this group to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 +msgid "" +"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:62 +msgid "" +"Remove this group from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:10 sssd.conf.5.xml:16 +msgid "sssd.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 +#: sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +msgid "5" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 +#: sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +msgid "File Formats and Conventions" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:17 +msgid "the configuration file for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:21 +msgid "FILE FORMAT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:29 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:24 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:36 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:41 +msgid "" +"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:47 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:53 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:59 +msgid "GENERAL OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:61 +msgid "Following options are usable in more than one configuration sections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:65 +msgid "Options usable in all sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:69 +msgid "debug_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:73 +msgid "debug_timestamps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:76 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:81 sssd.conf.5.xml:634 sssd.conf.5.xml:1139 +#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464 +#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272 +#: sssd-ad.5.xml:799 sssd-ad.5.xml:918 sssd-krb5.5.xml:499 +msgid "Default: true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:86 +msgid "debug_microseconds (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:89 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:94 sssd.conf.5.xml:1093 sssd.conf.5.xml:2231 +#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558 +#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139 +#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266 +#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 +msgid "Default: false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2189 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:103 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:107 +msgid "timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:110 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:115 sssd.conf.5.xml:1057 sssd-ldap.5.xml:1410 +#: include/ldap_id_mapping.xml:264 +msgid "Default: 10" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:125 +msgid "SPECIAL SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:128 +msgid "The [sssd] section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:137 sssd.conf.5.xml:2339 +msgid "Section parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:139 +msgid "config_file_version (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:142 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:148 +msgid "services" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:151 +msgid "" +"Comma separated list of services that are started when sssd itself starts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:155 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" +"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" +"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:165 sssd.conf.5.xml:419 +msgid "reconnection_retries (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:168 sssd.conf.5.xml:422 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:173 sssd.conf.5.xml:427 +msgid "Default: 3" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:178 +msgid "domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:181 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter described the list of domains in the order you want " +"them to be queried. A domain name should only consist of alphanumeric ASCII " +"characters, dashes, dots and underscores." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:193 sssd.conf.5.xml:2014 +msgid "re_expression (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:201 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN " +"SECTIONS for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:210 sssd.conf.5.xml:2065 +msgid "full_name_format (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:213 sssd.conf.5.xml:2068 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:224 sssd.conf.5.xml:2079 +msgid "%1$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:225 sssd.conf.5.xml:2080 +msgid "user name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:228 sssd.conf.5.xml:2083 +msgid "%2$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:231 sssd.conf.5.xml:2086 +msgid "domain name as specified in the SSSD config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:237 sssd.conf.5.xml:2092 +msgid "%3$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:240 sssd.conf.5.xml:2095 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:221 sssd.conf.5.xml:2076 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:250 +msgid "" +"Each domain can have an individual format string configured. see DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:256 +msgid "try_inotify (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:259 +msgid "" +"SSSD monitors the state of resolv.conf to identify when it needs to update " +"its internal DNS resolver. By default, we will attempt to use inotify for " +"this, and will fall back to polling resolv.conf every five seconds if " +"inotify cannot be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:267 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:273 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:277 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:284 +msgid "krb5_rcache_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:287 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:291 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:297 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:312 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:317 +msgid "default_domain_suffix (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:320 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:330 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498 +#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:609 +#: sssd-ad.5.xml:679 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550 +#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216 +msgid "Default: not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:344 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:347 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:356 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:364 +msgid "Default: not set (spaces will not be replaced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:369 +msgid "certificate_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:377 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:379 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:389 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "Default: not set, i.e. do not restrict certificate vertification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:130 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:404 +msgid "SERVICES SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:406 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:413 +msgid "General service configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:415 +msgid "These options can be used to configure any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:432 +msgid "fd_limit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:435 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:444 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:449 +msgid "client_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:452 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:459 sssd.conf.5.xml:475 sssd.conf.5.xml:507 +#: sssd.conf.5.xml:765 sssd.conf.5.xml:957 sssd.conf.5.xml:1347 +#: sssd-ldap.5.xml:1237 +msgid "Default: 60" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:464 sssd.conf.5.xml:1336 +msgid "force_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:467 sssd.conf.5.xml:1339 +msgid "" +"If a service is not responding to ping checks (see the <quote>timeout</" +"quote> option), it is first sent the SIGTERM signal that instructs it to " +"quit gracefully. If the service does not terminate after " +"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " +"by sending a SIGKILL signal." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:480 +msgid "offline_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:483 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. This " +"value is in seconds and calculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:490 +msgid "offline_timeout + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "" +"The random offset can increment up to 30 seconds. After each unsuccessful " +"attempt to go online, the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:498 +msgid "new_interval = old_interval*2 + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"Note that the maximum length of each interval is currently limited to one " +"hour. If the calculated length of new_interval is greater than an hour, it " +"will be forced to one hour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:512 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:515 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:521 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:524 +msgid "ldap_purge_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:527 sssd-ldap.5.xml:1054 +msgid "ldap_use_tokengroups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "ldap_user_principal" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:535 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:533 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:539 sssd.conf.5.xml:1001 sssd.conf.5.xml:1026 +#: sssd.conf.5.xml:1045 sssd.conf.5.xml:1330 sssd-ldap.5.xml:1793 +msgid "Default: none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:547 +msgid "NSS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:549 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "enum_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:557 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:561 +msgid "Default: 120" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:566 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:569 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:575 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:585 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:593 +msgid "Default: 50" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:598 +msgid "entry_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:601 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:607 sssd.conf.5.xml:1117 +msgid "Default: 15" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:612 +msgid "filter_users, filter_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:615 +msgid "" +"Exclude certain users from being fetched from the sss NSS database. This is " +"particularly useful for system accounts. This option can also be set per-" +"domain or include fully-qualified names to filter only users from the " +"particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:622 +msgid "Default: root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:627 +msgid "filter_users_in_groups (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:630 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:641 +msgid "fallback_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:644 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:649 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:655 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:653 sssd.conf.5.xml:1020 sssd.conf.5.xml:1039 +#: sssd-krb5.5.xml:533 include/override_homedir.xml:55 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:659 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:665 +msgid "override_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:668 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:674 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:680 +msgid "allowed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:683 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:686 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:690 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:695 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:703 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:710 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:713 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:717 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:722 +msgid "vetoed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:725 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:730 +msgid "shell_fallback (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:733 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "Default: /bin/sh" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +msgid "default_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:745 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:751 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:758 sssd.conf.5.xml:950 +msgid "get_domains_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:761 sssd.conf.5.xml:953 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:770 +msgid "memcache_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:773 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:777 sssd-ldap.5.xml:706 +msgid "Default: 300" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:780 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:788 sssd-ifp.5.xml:74 +msgid "user_attributes (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:791 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:804 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:816 +msgid "PAM configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:818 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:823 +msgid "offline_credentials_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:831 sssd.conf.5.xml:844 +msgid "Default: 0 (No limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:837 +msgid "offline_failed_login_attempts (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:840 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:850 +msgid "offline_failed_login_delay (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:853 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:864 sssd.conf.5.xml:917 +msgid "Default: 5" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:870 +msgid "pam_verbosity (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:873 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "Currently sssd supports the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:881 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:888 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:891 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:895 sssd.8.xml:63 +msgid "Default: 1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:900 +msgid "pam_id_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:903 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:923 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:926 sssd.conf.5.xml:1550 +msgid "Display a warning N days before the password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:929 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:935 sssd.conf.5.xml:1553 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:940 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 sssd.conf.5.xml:2291 sssd.8.xml:79 +msgid "Default: 0" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:962 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:965 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAM responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:971 +msgid "Default: all (All users are allowed to access the PAM responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:975 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:982 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:985 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:989 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:993 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:997 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1006 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1009 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbostiy is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1022 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1031 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1041 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1050 +msgid "p11_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1053 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1066 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1068 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1085 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1088 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1101 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1103 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1107 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1126 +msgid "SSH configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1128 +msgid "These options can be used to configure the SSH service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1132 +msgid "ssh_hash_known_hosts (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1135 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1144 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1147 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1151 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1156 +msgid "ca_db (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1159 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1164 +msgid "Default: /etc/pki/nssdb" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1172 +msgid "PAC responder configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1174 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. " +"If the PAC is decoded and evaluated some of the following operations are " +"done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1183 +msgid "" +"If the remote user does not exist in the cache, it is created. The uid is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"gid will have the same value as the uid. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1191 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1197 +msgid "These options can be used to configure the PAC responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1201 sssd-ifp.5.xml:50 +msgid "allowed_uids (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1204 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1210 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1214 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:1228 +msgid "DOMAIN SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1235 +msgid "min_id,max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1238 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1250 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1254 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1260 +msgid "enumerate (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1263 +msgid "" +"Determines if a domain can be enumerated. This parameter can have one of the " +"following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1267 +msgid "TRUE = Users and groups are enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1270 +msgid "FALSE = No enumerations for this domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1273 sssd.conf.5.xml:1505 sssd.conf.5.xml:1672 +msgid "Default: FALSE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1276 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1289 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1294 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1302 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1310 +msgid "subdomain_enumerate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1317 +msgid "all" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1318 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1321 +msgid "none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1322 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1313 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1353 +msgid "entry_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1356 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1360 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1373 +msgid "Default: 5400" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1379 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1382 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1386 sssd.conf.5.xml:1399 sssd.conf.5.xml:1412 +#: sssd.conf.5.xml:1425 sssd.conf.5.xml:1438 sssd.conf.5.xml:1452 +#: sssd.conf.5.xml:1466 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1392 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1395 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1405 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1408 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1418 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1421 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1431 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1444 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1447 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1458 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1472 +msgid "refresh_expired_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1475 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1480 +msgid "" +"The background refresh will process users, groups and netgroups in the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1484 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1488 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227 +msgid "Default: 0 (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1494 +msgid "cache_credentials (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1497 +msgid "Determines if user credentials are also cached in the local LDB cache" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1501 +msgid "User credentials are stored in a SHA512 hash, not in plaintext" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1511 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1514 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1521 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1526 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1532 +msgid "account_cache_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1535 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1542 +msgid "Default: 0 (unlimited)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1547 +msgid "pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1558 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1565 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1571 +msgid "id_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1574 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1578 +msgid "<quote>proxy</quote>: Support a legacy NSS provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1581 sssd.conf.5.xml:1718 +msgid "<quote>local</quote>: SSSD internal provider for local users" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1585 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1593 sssd.conf.5.xml:1698 sssd.conf.5.xml:1753 +#: sssd.conf.5.xml:1806 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"FreeIPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 sssd.conf.5.xml:1707 sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1815 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "use_fully_qualified_names (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1621 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1629 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1636 +msgid "Default: FALSE (TRUE if default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1642 +msgid "ignore_group_members (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "Do not return group members for group lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1648 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1666 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1677 +msgid "auth_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1680 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 sssd.conf.5.xml:1746 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1691 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1715 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1722 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1725 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1731 +msgid "access_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1734 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1740 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1743 +msgid "<quote>deny</quote> always deny access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1770 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1777 +msgid "Default: <quote>permit</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1782 +msgid "chpass_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1785 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1790 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1798 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1823 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1827 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1830 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1837 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1840 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1844 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1852 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1856 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1860 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1863 sssd.conf.5.xml:1941 sssd.conf.5.xml:1982 +#: sssd.conf.5.xml:2007 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1867 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1884 +msgid "selinux_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1887 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1893 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1901 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1904 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1910 +msgid "subdomains_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1913 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1919 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1928 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1937 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1948 +msgid "autofs_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1951 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1955 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1970 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1979 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1989 +msgid "hostid_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1992 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1996 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2004 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2017 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +"P<name>[^@\\\\]+)$))</quote> which allows three different styles for " +"user names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2031 +msgid "username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2034 +msgid "username@domain.name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "domain\\username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2045 +msgid "" +"Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +"which translates to \"the name is everything up to the <quote>@</quote> " +"sign, the domain everything after that\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2051 +msgid "" +"PLEASE NOTE: the support for non-unique named subpatterns is not available " +"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " +"version 7 or higher can support non-unique named subpatterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2058 +msgid "" +"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" +"P<name>) to label subpatterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2105 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2111 +msgid "lookup_family_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2114 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2118 +msgid "Supported values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2121 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2124 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2127 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2130 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2133 +msgid "Default: ipv4_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2139 +msgid "dns_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2142 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the DNS " +"resolver before assuming that it is unreachable. If this timeout is reached, " +"the domain will continue to operate in offline mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2148 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263 +#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248 +msgid "Default: 6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2154 +msgid "dns_discovery_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2157 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2161 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2167 +msgid "override_gid (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2170 +msgid "Override the primary GID value with the one specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2176 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2184 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2187 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2193 +msgid "False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2195 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2199 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2202 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2179 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2214 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2220 +msgid "proxy_fast_alias (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2223 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2237 +msgid "subdomain_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2248 +msgid "%F" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2249 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2240 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2254 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2258 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2263 +msgid "realmd_tags (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2266 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2272 +msgid "cached_auth_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2275 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2281 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2285 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1230 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2303 +msgid "proxy_pam_target (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2306 +msgid "The proxy target PAM proxies to." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2309 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2317 +msgid "proxy_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2320 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2299 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" id=" +"\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2332 +msgid "The local domain section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2334 +msgid "" +"This section contains settings for domain that stores users and groups in " +"SSSD native database, that is, a domain that uses " +"<replaceable>id_provider=local</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2341 +msgid "default_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2344 +msgid "The default shell for users created with SSSD userspace tools." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2348 +msgid "Default: <filename>/bin/bash</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2353 +msgid "base_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2356 +msgid "" +"The tools append the login name to <replaceable>base_directory</replaceable> " +"and use that as the home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2361 +msgid "Default: <filename>/home</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2366 +msgid "create_homedir (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2369 +msgid "" +"Indicate if a home directory should be created by default for new users. " +"Can be overridden on command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2373 sssd.conf.5.xml:2385 +msgid "Default: TRUE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2378 +msgid "remove_homedir (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2381 +msgid "" +"Indicate if a home directory should be removed by default for deleted " +"users. Can be overridden on command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2390 +msgid "homedir_umask (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2393 +msgid "" +"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " +"on a newly created home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2401 +msgid "Default: 077" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2406 +msgid "skel_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2409 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2419 +msgid "Default: <filename>/etc/skel</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2424 +msgid "mail_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2427 +msgid "" +"The mail spool directory. This is needed to manipulate the mailbox when its " +"corresponding user account is modified or deleted. If not specified, a " +"default value is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2434 +msgid "Default: <filename>/var/mail</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2439 +msgid "userdel_cmd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2442 +msgid "" +"The command that is run after a user is removed. The command us passed the " +"username of the user being removed as the first and only parameter. The " +"return code of the command is not taken into account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2448 +msgid "Default: None, no command is run" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2458 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131 +#: sssd-ipa.5.xml:717 sssd-ad.5.xml:955 sssd-krb5.5.xml:564 +#: sss_rpcidmapd.5.xml:98 +msgid "EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:2464 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2460 +msgid "" +"The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. If the LDAP server is used only as an identity " +"provider, an encrypted channel is not needed. Please refer to " +"<quote>ldap_access_filter</quote> config option for more information about " +"using LDAP as an access provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 +msgid "CONFIGURATION OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:60 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:63 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:73 +msgid "ldap[s]://<host>[:port]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:76 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:79 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:85 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:88 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:99 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:105 +msgid "ldap_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:108 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:112 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:116 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220 +#: sss_override.8.xml:135 sss_override.8.xml:232 +msgid "Examples:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:129 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:134 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:137 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:158 +msgid "ldap_schema (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:161 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "Four schema types are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:172 +msgid "rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:177 +msgid "rfc2307bis" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:182 +msgid "IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:187 +msgid "AD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:193 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:203 +msgid "Default: rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:209 +msgid "ldap_default_bind_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:212 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:219 +msgid "ldap_default_authtok_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:222 +msgid "The type of the authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:226 +msgid "The two mechanisms currently supported are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:229 +msgid "password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:232 +msgid "obfuscated_password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:235 +msgid "Default: password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:241 +msgid "ldap_default_authtok (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:244 +msgid "" +"The authentication token of the default bind DN. Only clear text passwords " +"are currently supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:251 +msgid "ldap_user_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:254 +msgid "The object class of a user entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "Default: posixAccount" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:263 +msgid "ldap_user_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:266 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:270 +msgid "Default: uid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:276 +msgid "ldap_user_uid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:279 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "Default: uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:289 +msgid "ldap_user_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:292 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:863 +msgid "Default: gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:302 +msgid "ldap_user_gecos (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:305 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:309 +msgid "Default: gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:315 +msgid "ldap_user_home_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:318 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "Default: homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:328 +msgid "ldap_user_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:331 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:335 +msgid "Default: loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:341 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:344 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:889 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:355 +msgid "ldap_user_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:358 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:363 sssd-ldap.5.xml:904 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:370 +msgid "ldap_user_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144 +msgid "Default: modifyTimestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:383 +msgid "ldap_user_shadow_last_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:396 +msgid "Default: shadowLastChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:402 +msgid "ldap_user_shadow_min (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:405 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: shadowMin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_user_shadow_max (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:432 +msgid "Default: shadowMax" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:438 +msgid "ldap_user_shadow_warning (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:441 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:451 +msgid "Default: shadowWarning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:457 +msgid "ldap_user_shadow_inactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:460 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:470 +msgid "Default: shadowInactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:476 +msgid "ldap_user_shadow_expire (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:479 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:489 +msgid "Default: shadowExpire" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:495 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:498 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "Default: krbLastPwdChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:510 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:513 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:519 +msgid "Default: krbPasswordExpiration" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:525 +msgid "ldap_user_ad_account_expires (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:528 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:533 +msgid "Default: accountExpires" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:539 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:542 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:547 +msgid "Default: userAccountControl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:553 +msgid "ldap_ns_account_lock (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:556 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:561 +msgid "Default: nsAccountLock" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:567 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:570 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:574 sssd-ldap.5.xml:588 +msgid "Default: loginDisabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:580 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:583 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:602 +msgid "Default: loginAllowedTimeMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:608 +msgid "ldap_user_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:611 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:615 +msgid "Default: krbPrincipalName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:621 +msgid "ldap_user_extra_attrs (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:624 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:629 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:639 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:649 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:652 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:656 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:659 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:669 +msgid "ldap_user_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:672 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:676 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:682 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:685 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:698 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:701 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:712 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:715 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:721 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:736 +msgid "ldap_user_fullname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:739 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590 +msgid "Default: cn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:749 +msgid "ldap_user_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:752 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:756 +msgid "Default: memberOf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:762 +msgid "ldap_user_authorized_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:765 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:772 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:777 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:784 +msgid "Default: authorizedService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:790 +msgid "ldap_user_authorized_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:793 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:799 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:811 +msgid "Default: host" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:817 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:820 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:824 +msgid "Default: no set in the general case, userCertificate;binary for IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:831 +msgid "ldap_group_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:834 +msgid "The object class of a group entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:837 +msgid "Default: posixGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:843 +msgid "ldap_group_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:846 +msgid "The LDAP attribute that corresponds to the group name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:856 +msgid "ldap_group_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:859 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:869 +msgid "ldap_group_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:872 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:876 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:882 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:885 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:896 +msgid "ldap_group_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:899 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_group_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:924 +msgid "ldap_group_type (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:927 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:938 +msgid "Default: groupType in the AD provider, othewise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:945 +msgid "ldap_group_external_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:948 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:961 +msgid "ldap_group_nesting_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:964 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:980 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:989 +msgid "Default: 2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:995 +msgid "ldap_groups_use_matching_rule_in_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:998 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which may speed up group lookup operations on deployments with " +"complex or deep nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1004 +msgid "" +"In most common cases, it is best to leave this option disabled. It generally " +"only provides a performance increase on very complex nestings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036 +msgid "" +"If this option is enabled, SSSD will use it if it detects that the server " +"supports it during initial connection. So \"True\" here essentially means " +"\"auto-detect\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042 +msgid "" +"Note: This feature is currently known to work only with Active Directory " +"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" +"windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " +"for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048 sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866 include/ldap_id_mapping.xml:244 +msgid "Default: False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1027 +msgid "ldap_initgroups_use_matching_rule_in_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1030 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which might speed up initgroups operations (most notably when " +"dealing with complex or deep nested groups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1057 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1062 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1068 +msgid "ldap_netgroup_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1071 +msgid "The object class of a netgroup entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1074 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1078 +msgid "Default: nisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1084 +msgid "ldap_netgroup_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1087 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1101 +msgid "ldap_netgroup_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1104 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1108 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "Default: memberNisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1118 +msgid "ldap_netgroup_triple (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1121 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1128 +msgid "Default: nisNetgroupTriple" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1134 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1150 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1153 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1156 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1162 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1165 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1175 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1178 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1182 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1188 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1191 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1201 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1206 +msgid "ldap_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1209 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1215 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1227 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1230 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1243 +msgid "ldap_network_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1246 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1269 +msgid "ldap_opt_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1287 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1290 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1304 +msgid "ldap_page_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1307 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1312 +msgid "Default: 1000" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1318 +msgid "ldap_disable_paging (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1321 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1327 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1333 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1345 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1348 +msgid "Disable Active Directory range retrieval." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1351 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1366 +msgid "ldap_sasl_minssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1369 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1375 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1382 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1391 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1395 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1403 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1416 +msgid "ldap_tls_reqcert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1419 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1425 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1429 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1436 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1442 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1448 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1452 +msgid "Default: hard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1458 +msgid "ldap_tls_cacert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1461 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1473 +msgid "ldap_tls_cacertdir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1476 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1491 +msgid "ldap_tls_cert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1504 +msgid "ldap_tls_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "Specifies the file that contains the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1516 +msgid "ldap_tls_cipher_suite (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1519 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1532 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1535 +msgid "" +"Specifies that the id_provider connection must also use <systemitem class=" +"\"protocol\">tls</systemitem> to protect the channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1545 +msgid "ldap_id_mapping (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1548 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1564 +msgid "ldap_min_id, ldap_max_id (interger)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1567 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1579 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1585 +msgid "ldap_sasl_mech (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1588 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI is tested and " +"supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1598 +msgid "ldap_sasl_authid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1601 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI is used, this " +"represents the Kerberos principal used for authentication to the directory. " +"This option can either contain the full principal (for example host/" +"myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1609 +msgid "Default: host/hostname@REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1615 +msgid "ldap_sasl_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1624 +msgid "Default: the value of krb5_realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1630 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1633 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1638 +msgid "Default: false;" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1644 +msgid "ldap_krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "Specify the keytab to use when using SASL/GSSAPI." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1671 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1674 +msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:849 +msgid "Default: 86400 (24 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1719 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462 +msgid "krb5_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1768 +msgid "ldap_pwd_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1781 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1787 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1796 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1804 +msgid "ldap_referrals (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1807 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1811 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1816 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1830 +msgid "ldap_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1833 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 +msgid "Default: ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1843 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1846 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1851 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1857 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1872 +msgid "ldap_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1875 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Example:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1898 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1902 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice-versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972 +msgid "Default: Empty" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_account_expire_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1924 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1928 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1935 +msgid "The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1943 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1950 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1956 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1965 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1978 +msgid "ldap_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1981 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1985 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1988 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1998 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2005 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2022 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2026 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2036 +msgid "" +"The difference between these options is the action taken if user password is " +"expired: pwd_expire_policy_reject - user is denied to log in, " +"pwd_expire_policy_warn - user is still able to log in, " +"pwd_expire_policy_renew - user is prompted to change his password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2044 +msgid "" +"Note If user password is expired no explicit message is prompted by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2048 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2053 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2058 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2062 +msgid "Default: filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2065 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2072 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2075 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2083 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2086 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2092 +msgid "ldap_deref (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2095 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2100 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2104 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2109 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2114 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2119 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2127 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2130 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2134 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2145 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136 +msgid "wildcart_limit (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2160 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2164 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2168 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:51 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2178 +msgid "SUDO OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2180 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2191 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2194 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2197 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2203 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2206 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2216 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2219 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2223 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2229 +msgid "ldap_sudorule_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2232 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2237 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2243 +msgid "ldap_sudorule_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2246 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2250 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2256 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2259 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2263 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2269 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2272 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2276 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2282 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2285 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2289 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2295 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2298 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2302 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2308 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2311 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2316 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2322 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2325 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2329 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2335 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2338 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2343 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2348 +msgid "Default: 21600 (6 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2354 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2357 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest USN " +"of cached rules)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2363 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2373 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2376 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2387 +msgid "ldap_sudo_hostnames (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2390 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2395 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441 +#: sssd-ldap.5.xml:2459 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428 +msgid "Default: not specified" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2411 +msgid "ldap_sudo_ip (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2414 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2419 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2434 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2437 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2452 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2455 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2471 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2481 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2483 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2489 +msgid "ldap_autofs_map_master_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2492 +msgid "The name of the automount master map in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2495 +msgid "Default: auto.master" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2502 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2505 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2508 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2515 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2518 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2521 +msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2529 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2532 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2537 +msgid "Default: automount" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2544 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2551 +msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2559 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2566 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2487 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2576 +msgid "ADVANCED OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2583 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2588 +msgid "ldap_user_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2593 +msgid "ldap_group_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:2598 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:2600 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no gid mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:2607 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2609 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2614 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2578 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2631 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2637 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:725 sssd-ad.5.xml:963 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 +#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2648 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2650 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2655 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-simple.5.xml:148 sssd-ad.5.xml:978 sssd.8.xml:195 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2672 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" + +#. type: Content of: <refentryinfo> +#: pam_sss.8.xml:8 include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - http://" +"fedorahosted.org/sssd</orgname>" +msgstr "" +"<productname>SSSD</productname> <orgname>Vývojáři SSSD - http://fedorahosted." +"org/sssd</orgname>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:13 pam_sss.8.xml:18 +msgid "pam_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:19 +msgid "PAM module for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:24 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:54 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:64 +msgid "<option>quiet</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:67 +msgid "Suppress log messages for unknown users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:72 +msgid "<option>forward_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:75 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>use_first_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:93 +msgid "<option>use_authtok</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:96 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>retry=N</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:108 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:117 +msgid "<option>ignore_unknown_user</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:120 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:131 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:138 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:142 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:148 +msgid "" +"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> " +"and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:164 +msgid "MODULE TYPES PROVIDED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:165 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:171 +msgid "FILES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:172 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:177 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:187 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " +"libraries what Realm and which KDC to use. Typically this is done in " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> which is always read by the Kerberos libraries. " +"To simplify the configuration the Realm and the KDC can be defined in " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> as described in <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:48 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> puts the Realm and the name or IP address of the KDC into " +"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " +"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " +"libraries it reads and evaluates these variables and returns them to the " +"libraries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:69 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:78 +msgid "ipa_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:81 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:89 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:92 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:105 +msgid "ipa_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:108 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:116 sssd-ad.5.xml:780 +msgid "dyndns_update (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:119 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA v2 with the IP address of this client. The update is " +"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " +"for the updates, if it is not otherwise specified by using the " +"<quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:128 sssd-ad.5.xml:794 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:133 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:145 sssd-ad.5.xml:805 +msgid "dyndns_ttl (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:148 sssd-ad.5.xml:808 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:153 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Default: 1200 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:165 sssd-ad.5.xml:819 +msgid "dyndns_iface (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 sssd-ad.5.xml:822 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:175 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:185 sssd-ad.5.xml:833 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:191 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160 +msgid "Enables DNS sites - location based service discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example.com" +"\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:217 sssd-ad.5.xml:839 +msgid "dyndns_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:220 sssd-ad.5.xml:842 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:233 sssd-ad.5.xml:855 +msgid "dyndns_update_ptr (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:236 sssd-ad.5.xml:858 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:247 +msgid "Default: False (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:253 sssd-ad.5.xml:869 +msgid "dyndns_force_tcp (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:256 sssd-ad.5.xml:872 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:876 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 sssd-ad.5.xml:882 +msgid "dyndns_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 sssd-ad.5.xml:885 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 sssd-ad.5.xml:890 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:895 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 sssd-ad.5.xml:900 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:290 +msgid "ipa_hbac_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:293 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:297 +msgid "Default: Use base DN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 sssd-ipa.5.xml:329 sssd-ipa.5.xml:348 sssd-ipa.5.xml:367 +#: sssd-ipa.5.xml:386 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ipa.5.xml:315 sssd-ipa.5.xml:334 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:322 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:325 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:341 +msgid "ipa_subdomains_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:344 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:353 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:360 +msgid "ipa_master_domain_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:363 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:372 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:379 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:382 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:391 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:398 sssd-krb5.5.xml:254 +msgid "krb5_validate (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:401 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:408 sssd-ad.5.xml:921 +msgid "" +"Note that this default differs from the traditional Kerberos provider back " +"end." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:433 +msgid "" +"Specifies if the host and user principal should be canonicalized when " +"connecting to IPA LDAP and also for AS requests. This feature is available " +"with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 sssd-krb5.5.xml:416 +msgid "krb5_use_fast (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 sssd-krb5.5.xml:419 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:454 +msgid "<emphasis>never</emphasis> use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:457 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it. This is equivalent to not setting " +"this option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:463 sssd-krb5.5.xml:433 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:468 +msgid "Default: try" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 sssd-krb5.5.xml:444 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:480 sssd-ad.5.xml:928 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 sssd-ad.5.xml:931 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:487 sssd-ad.5.xml:935 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 sssd-ad.5.xml:939 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:498 +msgid "ipa_hbac_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:501 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355 +msgid "Default: 5 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:514 +msgid "ipa_hbac_selinux (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:517 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:530 +msgid "ipa_server_mode (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:533 +msgid "This option should only be set by the IPA installer." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:537 +msgid "" +"The option denotes that the SSSD is running on IPA server and should perform " +"lookups of users and groups from trusted domains differently." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:548 +msgid "ipa_automount_location (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:551 +msgid "The automounter location this IPA client will be using" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:554 +msgid "Default: The location named \"default\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:562 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:571 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:577 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:583 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:586 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:596 +msgid "ipa_overide_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:599 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:602 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:608 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:611 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:615 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:621 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:624 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:632 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:635 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:638 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:641 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:647 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:650 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:655 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:661 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:664 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:669 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:672 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:675 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:680 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:564 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:690 +msgid "SUBDOMAINS PROVIDER" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:692 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:696 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:702 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:719 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:726 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:41 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:45 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:51 +msgid "" +"The AD provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:63 +msgid "" +"However, it is neither necessary nor recommended to set these options. The " +"AD provider can also be used as an access, chpass, sudo and autofs provider. " +"No configuration of the access provider is required on the client side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:75 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " +"and groups using POSIX attributes from trusted domains, the AD administrator " +"must make sure that the POSIX attributes are replicated to the Global " +"Catalog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:82 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:97 +msgid "ad_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:100 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:105 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:110 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:117 +msgid "ad_server, ad_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:120 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:127 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:132 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:140 +msgid "ad_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:143 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the Active Directory domain to identify this " +"host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:149 +msgid "" +"This field is used to determine the host principal in use in the keytab. It " +"must match the hostname for which the keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:157 +msgid "ad_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:164 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:180 +msgid "ad_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:191 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:199 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:207 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:212 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:223 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:233 sssd-ad.5.xml:247 +msgid "Default: Not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:239 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:253 +msgid "ad_enable_gc (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:256 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:264 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:278 +msgid "ad_gpo_access_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:281 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to a particular host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:296 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:309 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:313 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:319 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:325 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "Default: permissive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:339 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:345 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:348 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:361 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:364 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:370 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:384 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:388 sssd-ad.5.xml:479 sssd-ad.5.xml:525 sssd-ad.5.xml:570 +#: sssd-ad.5.xml:636 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:392 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:397 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:402 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:407 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:412 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:417 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:422 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:427 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:432 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:437 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:442 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:451 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:460 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:475 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:466 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:483 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:488 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:497 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:500 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:506 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:521 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:512 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:529 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:534 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:543 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:546 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:552 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:566 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:557 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:574 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:583 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:586 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:605 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:597 sssd-ad.5.xml:667 +msgid "" +"It is possible to add a PAM service name to the default set by using <quote>" +"+service_name</quote>. Since the default set is empty, it is not possible " +"to remove a PAM service name from the default set. For example, in order to " +"add a custom pam service name (e.g. <quote>my_pam_service</quote>), you " +"would use the following configuration: <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:615 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:618 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:632 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:623 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:640 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:645 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:650 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:659 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:662 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:675 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:685 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:688 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:701 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:705 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:710 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:715 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:720 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:725 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:730 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:735 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:741 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:747 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:750 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:756 +msgid "Default: 30 days" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:762 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:765 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expect 2 integers seperated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the inital timeout in seconds before the task is run for the first " +"time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:783 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:813 +msgid "Default: 3600 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:829 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:863 sss_rpcidmapd.5.xml:76 +msgid "Default: True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:909 sssd-krb5.5.xml:505 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:912 sssd-krb5.5.xml:508 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:957 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:964 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:984 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:980 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:990 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:998 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:112 +msgid "" +"When the SSSD is configured to use IPA as the ID provider, the sudo provider " +"is automatically enabled. The sudo search base is configured to use the " +"compat tree (ou=sudoers,$DC)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:119 +msgid "The SUDO rule caching mechanism" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:121 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:129 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:135 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:143 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:159 +msgid "keyword ALL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:164 +msgid "wildcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:169 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:174 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:179 +msgid "one of the IP addresses of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:184 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:190 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>-f</option>,<option>--debug-to-files</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "" +"Send the debug output to files instead of stderr. By default, the log files " +"are stored in <filename>/var/log/sssd</filename> and there are separate log " +"files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:97 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:101 +msgid "Become a daemon after starting up." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:107 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:111 +msgid "Run in the foreground, don't become a daemon." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:117 sss_debuglevel.8.xml:42 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:121 sss_debuglevel.8.xml:46 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:147 +msgid "Signals" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "SIGTERM/SIGINT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:153 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:159 +msgid "SIGHUP" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:162 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:170 +msgid "SIGUSR1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:173 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:182 +msgid "SIGUSR2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:185 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:197 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +#, fuzzy +#| msgid "" +#| "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +#| "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#| "arg>" +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>volby</" +"replaceable> </arg> <arg choice='plain'><replaceable>SKUPINA</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:50 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:52 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:59 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:70 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:78 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:83 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:92 +#, fuzzy +#| msgid "<option>-h</option>,<option>--help</option>" +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "<option>-h</option>,<option>--help</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:97 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:105 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:110 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:116 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:121 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:126 +msgid "original_name:name:uid:gid:gecos:home:shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:138 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:141 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:147 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:152 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:160 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:167 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:175 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:180 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:189 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:194 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:202 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:207 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:213 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:218 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:223 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:235 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:238 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:244 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:249 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:259 +#, fuzzy +#| msgid "OPTIONS" +msgid "COMMON OPTIONS" +msgstr "VOLBY" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:261 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:266 +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_useradd.8.xml:10 sss_useradd.8.xml:15 +msgid "sss_useradd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_useradd.8.xml:16 +msgid "create a new user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_useradd.8.xml:21 +msgid "" +"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_useradd.8.xml:32 +msgid "" +"<command>sss_useradd</command> creates a new user account using the values " +"specified on the command line plus the default values from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:43 sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:48 +msgid "" +"Set the UID of the user to the value of <replaceable>UID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:72 +msgid "" +"The home directory of the user account. The default is to append the " +"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " +"that as the home directory. The base that is prepended before " +"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" +"baseDirectory</quote> setting in sssd.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:87 +msgid "" +"The user's login shell. The default is currently <filename>/bin/bash</" +"filename>. The default can be changed with <quote>user_defaults/" +"defaultShell</quote> setting in sssd.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:96 +msgid "" +"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:101 +msgid "A list of existing groups this user is also a member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:107 +msgid "<option>-m</option>,<option>--create-home</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:111 +msgid "" +"Create the user's home directory if it does not exist. The files and " +"directories contained in the skeleton directory (which can be defined with " +"the -k option or in the config file) will be copied to the home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:121 +msgid "<option>-M</option>,<option>--no-create-home</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:125 +msgid "" +"Do not create the user's home directory. Overrides configuration settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:132 +msgid "" +"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:137 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<command>sss_useradd</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:143 +msgid "" +"Special files (block devices, character devices, named pipes and unix " +"sockets) will not be copied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:147 +msgid "" +"This option is only valid if the <option>-m</option> (or <option>--create-" +"home</option>) option is specified, or creation of home directories is set " +"to TRUE in the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:156 sss_usermod.8.xml:124 +msgid "" +"<option>-Z</option>,<option>--selinux-user</option> " +"<replaceable>SELINUX_USER</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:161 +msgid "" +"The SELinux user for the user's login. If not specified, the system default " +"will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>.k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 +msgid "%h" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108 +msgid "home directory" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:27 +msgid "%P" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:45 +msgid "%%" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:46 +msgid "a literal '%'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_auth_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:257 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:272 +msgid "krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:275 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:279 +msgid "Default: /etc/krb5.keytab" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:285 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:288 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:293 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:306 +msgid "krb5_renewable_lifetime (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:309 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:351 sssd-krb5.5.xml:388 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:320 sssd-krb5.5.xml:354 sssd-krb5.5.xml:391 +msgid "<emphasis>h</emphasis> for hours" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:323 sssd-krb5.5.xml:357 sssd-krb5.5.xml:394 +msgid "<emphasis>d</emphasis> for days." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:326 sssd-krb5.5.xml:397 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:330 sssd-krb5.5.xml:401 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:335 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:341 +msgid "krb5_lifetime (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:344 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:360 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:364 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:369 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:376 +msgid "krb5_renew_interval (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:379 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:406 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:424 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:428 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:438 +msgid "Default: not set, i.e. FAST is not used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "NOTE: a keytab is required to use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:453 +msgid "krb5_fast_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:456 +msgid "Specifies the server principal to use for FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:465 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:514 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:520 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:523 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:535 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:540 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:566 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:574 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 +msgid "sss_groupadd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupadd.8.xml:16 +msgid "create a new group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupadd.8.xml:21 +msgid "" +"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupadd.8.xml:32 +msgid "" +"<command>sss_groupadd</command> creates a new group. These groups are " +"compatible with POSIX groups, with the additional feature that they can " +"contain other groups as members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupadd.8.xml:43 sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupadd.8.xml:48 +msgid "" +"Set the GID of the group to the value of <replaceable>GID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_userdel.8.xml:10 sss_userdel.8.xml:15 +msgid "sss_userdel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_userdel.8.xml:16 +msgid "delete a user account" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_userdel.8.xml:21 +msgid "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_userdel.8.xml:32 +msgid "" +"<command>sss_userdel</command> deletes a user identified by login name " +"<replaceable>LOGIN</replaceable> from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:44 +msgid "<option>-r</option>,<option>--remove</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:48 +msgid "" +"Files in the user's home directory will be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:56 +msgid "<option>-R</option>,<option>--no-remove</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:60 +msgid "" +"Files in the user's home directory will NOT be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:68 +msgid "<option>-f</option>,<option>--force</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:72 +msgid "" +"This option forces <command>sss_userdel</command> to remove the user's home " +"directory and mail spool, even if they are not owned by the specified user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:80 +msgid "<option>-k</option>,<option>--kick</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:84 +msgid "Before actually deleting the user, terminate all his processes." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 +msgid "sss_groupdel" +msgstr "sss_groupdel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupdel.8.xml:16 +msgid "delete a group" +msgstr "vymazat skupinu" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupdel.8.xml:21 +msgid "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>volby</" +"replaceable> </arg> <arg choice='plain'><replaceable>SKUPINA</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupdel.8.xml:32 +msgid "" +"<command>sss_groupdel</command> deletes a group identified by its name " +"<replaceable>GROUP</replaceable> from the system." +msgstr "" +"<command>sss_groupdel</command> odstraní ze systému skupinu určenou jejím " +"jménem<replaceable>SKUPINA</replaceable>." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 +msgid "sss_groupshow" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupshow.8.xml:16 +msgid "print properties of a group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupshow.8.xml:21 +msgid "" +"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupshow.8.xml:32 +msgid "" +"<command>sss_groupshow</command> displays information about a group " +"identified by its name <replaceable>GROUP</replaceable>. The information " +"includes the group ID number, members of the group and the parent group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupshow.8.xml:43 +msgid "<option>-R</option>,<option>--recursive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupshow.8.xml:47 +msgid "" +"Also print indirect group members in a tree-like hierarchy. Note that this " +"also affects printing parent groups - without <option>R</option>, only the " +"direct parent will be printed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_usermod.8.xml:10 sss_usermod.8.xml:15 +msgid "sss_usermod" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_usermod.8.xml:16 +msgid "modify a user account" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_usermod.8.xml:21 +msgid "" +"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_usermod.8.xml:32 +msgid "" +"<command>sss_usermod</command> modifies the account specified by " +"<replaceable>LOGIN</replaceable> to reflect the changes that are specified " +"on the command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:60 +msgid "The home directory of the user account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:71 +msgid "The user's login shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:82 +msgid "" +"Append this user to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:96 +msgid "" +"Remove this user from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:103 +msgid "<option>-l</option>,<option>--lock</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:107 +msgid "Lock the user account. The user won't be able to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:114 +msgid "<option>-u</option>,<option>--unlock</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:118 +msgid "Unlock the user account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:129 +msgid "The SELinux user for the user's login." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:135 +msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:140 +msgid "Add an attribute/value pair. The format is attrname=value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:147 +msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:152 +msgid "" +"Set an attribute to a name/value pair. The format is attrname=value. For " +"multi-valued attributes, the command replaces the values already present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:160 +msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:165 +msgid "Delete an attribute/value pair. The format is attrname=value." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:42 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:46 +msgid "Invalidate all cached entries except for sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:52 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:57 +msgid "Invalidate specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:63 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:67 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:74 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:79 +msgid "Invalidate specific group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:85 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:89 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:96 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:101 +msgid "Invalidate specific netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:107 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:111 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:118 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:123 +msgid "Invalidate specific service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:129 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:133 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:140 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:145 +msgid "Invalidate specific autofs maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:151 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:155 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:162 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:167 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:173 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:177 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:185 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:190 +msgid "Restrict invalidation process only to a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> changes debug level of SSSD monitor and " +"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " +"running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_debuglevel.8.xml:59 +msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:46 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:53 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:59 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:63 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:77 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:91 +msgid "name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:92 +msgid "user's login name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:95 +msgid "uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:96 +msgid "user ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:99 +msgid "gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:100 +msgid "primary group ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:103 +msgid "gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:104 +msgid "user information, typically full name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:81 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:125 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:117 +msgid "" +"It is possible to add another attribute to this set by using <quote>" +"+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:129 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:139 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:144 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "VIZ TAKÉ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" +"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:58 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:51 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:70 +#, no-wrap +msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:63 +msgid "" +"If <quote>PubkeyAgent</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by using the following directive " +"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:85 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92 +msgid "EXIT STATUS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and estabilishes connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 10,001 and going up to " +"2,000,100,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:127 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191 +msgid "Default: 200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:142 +msgid "ldap_idmap_range_max (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:145 +msgid "" +"Specifies the upper bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:149 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:159 +msgid "Default: 2000200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:164 +msgid "ldap_idmap_range_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:167 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:186 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:196 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:199 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:210 +msgid "ldap_idmap_default_domain (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:213 +msgid "Specify the name of the default domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:221 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:224 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:229 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monatomically with each additional domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:234 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:249 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:252 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:256 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:273 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:275 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:284 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:285 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:286 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:287 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:288 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:289 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:291 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:295 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT " +"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain " +"names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "Zobraz nápovědu a ukonči program." + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "<option>-h</option>,<option>--help</option>" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 +msgid "Currently supported debug levels:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill the SSSD, but one that indicates that at least one " +"major feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:85 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:89 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:94 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:98 +msgid "<emphasis>Default</emphasis>: 0" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/experimental.xml:1 +msgid "" +"<emphasis> This is an experimental feature, please use http://fedorahosted." +"org/sssd to report any issues. </emphasis>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " +"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:31 +msgid "%o" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:33 +msgid "The original home directory retrieved from the identity provider." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:38 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:40 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:52 +msgid "This option can also be set per-domain." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:57 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:61 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "" --- sssd-1.13.4.orig/src/man/po/de.po +++ sssd-1.13.4/src/man/po/de.po @@ -0,0 +1,13701 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# Chris Leick <c.leick@vollbio.de>, 2013 +# Fabian Affolter <fab@fedoraproject.org>, 2011 +# Mario Blättermann <mario.blaettermann@gmail.com>, 2014 +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 1.12.90\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2016-04-13 16:30+0200\n" +"PO-Revision-Date: 2014-06-09 02:21-0400\n" +"Last-Translator: Mario Blättermann <mario.blaettermann@gmail.com>\n" +"Language-Team: German (http://www.transifex.com/projects/p/sssd/language/" +"de/)\n" +"Language: de\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Zanata 3.8.3\n" + +#. type: Content of: <reference><title> +#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 +#: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 +#: sss_override.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5 +#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 +#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5 +#: sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 +msgid "SSSD Manual pages" +msgstr "SSSD-Handbuchseiten" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 +msgid "sss_groupmod" +msgstr "sss_groupmod" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11 +#: sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupmod.8.xml:16 +msgid "modify a group" +msgstr "Ändern einer Gruppe" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupmod.8.xml:21 +msgid "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>Optionen</" +"replaceable> </arg> <arg choice='plain'><replaceable>GRUPPE</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 +#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 +#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 +#: sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 +#: sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 +#: sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21 +#: sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31 +msgid "DESCRIPTION" +msgstr "BESCHREIBUNG" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupmod.8.xml:32 +msgid "" +"<command>sss_groupmod</command> modifies the group to reflect the changes " +"that are specified on the command line." +msgstr "" +"<command>sss_groupmod</command> ändert die Gruppe, um die auf der " +"Befehlszeile angegebenen Änderungen widerzuspiegeln." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 +#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 +#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 +#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "OPTIONEN" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 +msgid "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GRUPPEN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:48 +msgid "" +"Append this group to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" +"hängt diese Gruppe an die Gruppen an, die durch den Parameter " +"<replaceable>GRUPPEN</replaceable> angegeben wurden. Der Parameter " +"<replaceable>GRUPPEN</replaceable> ist eine durch Kommata getrennte Liste " +"von Gruppennamen." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 +msgid "" +"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" +"<option>-r</option>,<option>--remove-group</option> <replaceable>GRUPPEN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:62 +msgid "" +"Remove this group from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" +"entfernt diese Gruppe von den Gruppen, die durch den Parameter " +"<replaceable>GRUPPEN</replaceable> angegeben wurden." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:10 sssd.conf.5.xml:16 +msgid "sssd.conf" +msgstr "sssd.conf" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 +#: sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 +#: sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +msgid "File Formats and Conventions" +msgstr "Dateiformate und Konventionen" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:17 +msgid "the configuration file for SSSD" +msgstr "die Konfigurationsdatei für SSSD" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:21 +msgid "FILE FORMAT" +msgstr "DATEIFORMAT" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:29 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:24 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Die Datei hat eine Syntax im Ini-Stil. Sie besteht aus Abschnitten und " +"Parametern. Ein Abschnitt beginnt mit dem Namen des Abschnitts in eckigen " +"Klammern und dauert bis zum Anfang des nächsten Abschnitts. Ein Beispiel " +"eines Abschnitts mit Parametern, die einzelne und mehrere Werte haben: " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:36 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" +"Die benutzten Datentypen sind Zeichenkette (keine Anführungszeichen nötig), " +"Ganzzahl und Boolesch (mit den Werten »TRUE« und »FALSE«)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:41 +msgid "" +"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" +"Eine Kommentarzeile beginnt mit einem Rautenzeichen (»#«) oder einem " +"Strichpunkt (»;«). Kommentare innerhalb von Zeilen werden nicht unterstützt." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:47 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" +"Alle Abschnitte können einen optionalen Parameter <replaceable>Beschreibung</" +"replaceable> haben. Er dient nur als Beschriftung eines Abschnitts." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:53 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" +"<filename>sssd.conf</filename> muss eine normale Datei sein, die Root gehört " +"und die nur von Root gelesen oder geschrieben werden darf." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:59 +msgid "GENERAL OPTIONS" +msgstr "ALLGEMEINE OPTIONEN" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:61 +msgid "Following options are usable in more than one configuration sections." +msgstr "" +"Die folgenden Optionen sind in mehreren Konfigurationsabschnitten verfügbar." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:65 +msgid "Options usable in all sections" +msgstr "In allen Abschnitten verfügbare Optionen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:69 +msgid "debug_level (integer)" +msgstr "debug_level (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:73 +msgid "debug_timestamps (bool)" +msgstr "debug_timestamps (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:76 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:81 sssd.conf.5.xml:634 sssd.conf.5.xml:1139 +#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464 +#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272 +#: sssd-ad.5.xml:799 sssd-ad.5.xml:918 sssd-krb5.5.xml:499 +msgid "Default: true" +msgstr "Voreinstellung: »true«" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:86 +msgid "debug_microseconds (bool)" +msgstr "debug_microseconds (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:89 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:94 sssd.conf.5.xml:1093 sssd.conf.5.xml:2231 +#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558 +#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139 +#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266 +#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 +msgid "Default: false" +msgstr "Voreinstellung: »false«" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2189 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:103 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "In den Abschnitten SERVICE und DOMAIN verwendbare Optionen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:107 +msgid "timeout (integer)" +msgstr "timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:110 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests." +msgstr "" +"Zeitüberschreitung in Sekunden zwischen Herzschlägen dieses Dienstes. Dies " +"dient dazu, sicherzustellen, dass ein Prozess läuft und in der Lage ist, " +"Anfragen zu beantworten." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:115 sssd.conf.5.xml:1057 sssd-ldap.5.xml:1410 +#: include/ldap_id_mapping.xml:264 +msgid "Default: 10" +msgstr "Voreinstellung: 10" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:125 +msgid "SPECIAL SECTIONS" +msgstr "BESONDERE ABSCHNITTE" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:128 +msgid "The [sssd] section" +msgstr "Der Abschnitt [sssd]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:137 sssd.conf.5.xml:2339 +msgid "Section parameters" +msgstr "Abschnittsparameter" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:139 +msgid "config_file_version (integer)" +msgstr "config_file_version (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:142 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" +"gibt die Syntax der Konfigurationsdatei an. SSSD 0.6.0 und neuer benutzen " +"Version 2." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:148 +msgid "services" +msgstr "Dienste" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:151 +msgid "" +"Comma separated list of services that are started when sssd itself starts." +msgstr "" +"Durch Kommata getrennte Liste der Dienste, die beim Start von SSSD selbst " +"gestartet werden." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:155 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" +"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" +"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>" +msgstr "" +"Unterstützte Dienste sind: nss, pam <phrase condition=\"with_sudo\">, sudo</" +"phrase> <phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder" +"\">, pac</phrase> <phrase condition=\"with_ifp\">, ifp</phrase>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:165 sssd.conf.5.xml:419 +msgid "reconnection_retries (integer)" +msgstr "reconnection_retries (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:168 sssd.conf.5.xml:422 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" +"Anzahl der Versuche, die ein Dienst unternehmen sollte, um sich erneut zu " +"verbinden, bevor er aufgibt, falls ein Datenanbieter abgestürzt ist oder neu " +"startet." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:173 sssd.conf.5.xml:427 +msgid "Default: 3" +msgstr "Voreinstellung: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:178 +msgid "domains" +msgstr "Domains" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:181 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter described the list of domains in the order you want " +"them to be queried. A domain name should only consist of alphanumeric ASCII " +"characters, dashes, dots and underscores." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:193 sssd.conf.5.xml:2014 +msgid "re_expression (string)" +msgstr "re_expression (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" +"voreingestellter regulärer Ausdruck, der beschreibt, in welche Bestandteile " +"die Zeichenkette mit Benutzernamen und Domain bei der Auswertung zerlegt " +"werden sollen." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:201 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN " +"SECTIONS for more info on these regular expressions." +msgstr "" +"Für jede Domain kann ein individueller regulärer Ausdruck konfiguriert " +"werden. Für einige ID-Anbieter gibt es auch voreingestellte reguläre " +"Ausdrücke. Weitere Informationen über diese regulären Ausdrücke finden Sie " +"unter DOMAIN-ABSCHNITTE." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:210 sssd.conf.5.xml:2065 +msgid "full_name_format (string)" +msgstr "full_name_format (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:213 sssd.conf.5.xml:2068 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" +"ein mit <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> kompatibles Format, das beschreibt, wie ein voll " +"qualifizierter Name aus den Bestandteilen Benutzername und Domain-Name " +"zusammengestellt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:224 sssd.conf.5.xml:2079 +msgid "%1$s" +msgstr "%1$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:225 sssd.conf.5.xml:2080 +msgid "user name" +msgstr "Benutzername" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:228 sssd.conf.5.xml:2083 +msgid "%2$s" +msgstr "%2$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:231 sssd.conf.5.xml:2086 +msgid "domain name as specified in the SSSD config file." +msgstr "Domain-Name, wie er durch die SSSD-Konfigurationsdatei angegeben wird" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:237 sssd.conf.5.xml:2092 +msgid "%3$s" +msgstr "%3$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:240 sssd.conf.5.xml:2095 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" +"flacher Name der Domain; meist für Active-Directory-Domains nützlich, sowohl " +"direkt konfiguriert als auch über IPA-Trust" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:221 sssd.conf.5.xml:2076 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"Die folgenden Erweiterungen werden unterstützt: <placeholder type=" +"\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:250 +msgid "" +"Each domain can have an individual format string configured. see DOMAIN " +"SECTIONS for more info on this option." +msgstr "" +"Für jede Domain kann eine individuelle Formatzeichenkette konfiguriert " +"werden. Weitere Informationen über diese Option finden Sie unter DOMAIN-" +"ABSCHNITTE." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:256 +msgid "try_inotify (boolean)" +msgstr "try_inotify (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:259 +msgid "" +"SSSD monitors the state of resolv.conf to identify when it needs to update " +"its internal DNS resolver. By default, we will attempt to use inotify for " +"this, and will fall back to polling resolv.conf every five seconds if " +"inotify cannot be used." +msgstr "" +"SSSD überwacht den Status der »resolv.conf«, um festzustellen, wann es " +"seinen internen DNS-Resolver aktualisieren muss. Standardmäßig werden wir " +"versuchen, dafür Inotify zu benutzen. Falls Inotify nicht benutzt werden " +"kann, werden wir darauf zurückgreifen, alle fünf Sekunden »resolv.conf« " +"abzufragen." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:267 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" +"Es gibt ein paar begrenzte Situationen, in denen wir den Versuch, Inotify zu " +"benutzen, vorzugsweise überspringen sollten. In diesen seltenen Fällen " +"sollte diese Option auf »false« gesetzt werden." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:273 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" +"Voreinstellung: »true« auf Plattformen, auf denen Inotify unterstützt wird, " +"»false« auf anderen Plattformen." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:277 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" +"Hinweis: Diese Option wird auf Plattformen, auf denen Inotify nicht " +"verfügbar ist, keine Auswirkungen haben." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:284 +msgid "krb5_rcache_dir (string)" +msgstr "krb5_rcache_dir (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:287 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" +"Verzeichnis auf dem Dateisystem, auf dem SSSD Dateien des Kerberos-Replay-" +"Zwischenspeichers speichern sollte." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:291 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" +"Diese Option akzeptiert einen besonderen Wert, __LIBKRB5_DEFAULTS__, der " +"SSSD anweisen wird, Libkrb5 die Entscheidung zu überlassen, wo der geeignete " +"Ort für den Replay-Zwischenspeicher ist." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:297 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" +"Voreinstellung: ahängig von der Distribution und zur Bauzeit angegeben " +"(__LIBKRB5_DEFAULTS__, falls nicht konfiguriert)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:312 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:317 +msgid "default_domain_suffix (string)" +msgstr "default_domain_suffix (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:320 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" +"Diese Zeichenkette wird als Standard-Domain-Name für alle Namen ohne einen " +"Domain-Namensbestandteil benutzt. Hauptsächlich wird dies in Umgebungen " +"benutzt, in denen die primäre Domain zur Verwaltung von Rechnerrichtlinien " +"gedacht ist und sich alle Anwender in einer vertrauenswürdigen Domain " +"befinden. Die Option ermöglicht diesen Anwendern die Anmeldung allein mit " +"ihrem Benutzernamen ohne auch eine Domain anzugeben." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:330 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498 +#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:609 +#: sssd-ad.5.xml:679 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550 +#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216 +msgid "Default: not set" +msgstr "Voreinstellung: nicht gesetzt" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:344 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:347 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:356 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:364 +msgid "Default: not set (spaces will not be replaced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:369 +#, fuzzy +#| msgid "re_expression (string)" +msgid "certificate_verification (string)" +msgstr "re_expression (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:377 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:379 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:389 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +#, fuzzy +#| msgid "Default: not set, i.e. service discovery is disabled" +msgid "Default: not set, i.e. do not restrict certificate vertification" +msgstr "Voreinstellung: nicht gesetzt, d.h. Dienstsuche ist deaktiviert" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:130 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" +"Individuelle Teile der SSSD-Funktionalität werden durch spezielle SSSD-" +"Dienste bereitgestellt, die zusammen mit SSSD gestartet und gestoppt werden. " +"Die Dienste werden durch einen speziellen Dienst, oft »Monitor« genannt, " +"verwaltet. Der Abschnitt »[sssd]« wird sowohl zum Konfigurieren des Monitors " +"als auch einiger anderer wichtiger Optionen wie den »Identity Domains« " +"verwendet. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:404 +msgid "SERVICES SECTIONS" +msgstr "DIENSTABSCHNITTE" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:406 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" +"Dieser Abschnitt beschreibt Einstellungen, die zum Konfigurieren mehrerer " +"unterschiedlicher Dienste benutzt werden. Sie sollten im Abschnitt " +"[<replaceable>$NAME</replaceable>] liegen, für den Dienst NSS wäre der " +"Abschnitt zum Beispiel <quote>[nss]</quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:413 +msgid "General service configuration options" +msgstr "Allgemeine Optionen zum Konfigurieren von Diensten" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:415 +msgid "These options can be used to configure any service." +msgstr "Diese Optionen können zur Konfiguration jedes Dienstes benutzt werden." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:432 +msgid "fd_limit" +msgstr "fd_limit" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:435 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" +"Diese Option gibt die maximale Anzahl von Dateideskriptoren an, die " +"gleichzeitig durch diesen SSSD-Prozess geöffnet sein können. Auf Systemen, " +"auf denen SSSD die Fähigkeit CAP_SYS_RESOURCE gewährt wird, wird dies eine " +"absolute Einstellung sein. Auf Systemen ohne diese Fähigkeit wird der " +"resultierende Wert der niedrigere Wert hiervon oder der der »harten« " +"Begrenzung in der »limit.conf« sein." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:444 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "Voreinstellung: 8192 (oder die »harte« Begrenzung der »limit.conf«)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:449 +msgid "client_idle_timeout" +msgstr "client_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:452 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system." +msgstr "" +"Diese Option gibt die Anzahl der Sekunden an, während der ein Client eines " +"SSSD-Prozesses einen Dateideskriptor behalten kann, ohne damit zu " +"kommunizieren. Dieser Wert wird begrenzt, um zu verhindern, dass Ressourcen " +"des Systems blockiert werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:459 sssd.conf.5.xml:475 sssd.conf.5.xml:507 +#: sssd.conf.5.xml:765 sssd.conf.5.xml:957 sssd.conf.5.xml:1347 +#: sssd-ldap.5.xml:1237 +msgid "Default: 60" +msgstr "Voreinstellung: 60" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:464 sssd.conf.5.xml:1336 +msgid "force_timeout (integer)" +msgstr "force_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:467 sssd.conf.5.xml:1339 +msgid "" +"If a service is not responding to ping checks (see the <quote>timeout</" +"quote> option), it is first sent the SIGTERM signal that instructs it to " +"quit gracefully. If the service does not terminate after " +"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " +"by sending a SIGKILL signal." +msgstr "" +"Falls ein Dienst nicht auf Ping-Prüfungen antwortet (siehe die Option " +"»timeout«), wird ihm zuerst das Signal SIGTERM gesendet, das ihn anweist " +"anstandslos zu enden. Falls der Dienst sich nicht nach »force_timeout« " +"Sekunden beendet, wird der Monitor sein Beenden durch Senden des Signals " +"SIGKILL erzwingen." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:480 +msgid "offline_timeout (integer)" +msgstr "offline_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:483 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. This " +"value is in seconds and calculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:490 +msgid "offline_timeout + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "" +"The random offset can increment up to 30 seconds. After each unsuccessful " +"attempt to go online, the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:498 +msgid "new_interval = old_interval*2 + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"Note that the maximum length of each interval is currently limited to one " +"hour. If the calculated length of new_interval is greater than an hour, it " +"will be forced to one hour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:512 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:515 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:521 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:524 +msgid "ldap_purge_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:527 sssd-ldap.5.xml:1054 +msgid "ldap_use_tokengroups" +msgstr "ldap_use_tokengroups" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "ldap_user_principal" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:535 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:533 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:539 sssd.conf.5.xml:1001 sssd.conf.5.xml:1026 +#: sssd.conf.5.xml:1045 sssd.conf.5.xml:1330 sssd-ldap.5.xml:1793 +msgid "Default: none" +msgstr "Voreinstellung: none" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:547 +msgid "NSS configuration options" +msgstr "NSS-Konfigurationsoptionen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:549 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" +"Diese Optionen können zum Konfigurieren des »Name Service Switch« (NSS) " +"benutzt werden" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "enum_cache_timeout (integer)" +msgstr "enum_cache_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:557 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" +"Wieviele Sekunden soll »nss_sss« Aufzählungen (Abfragen von Informationen " +"über alle Nutzer) zwischenspeichern?" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:561 +msgid "Default: 120" +msgstr "Voreinstellung: 120" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:566 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "entry_cache_nowait_percentage (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:569 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" +"Der Eintragszwischenspeicher kann auf automatisch im Hintergrund " +"aktualisierte Einträge gestellt werden, falls sie jenseits eines " +"Prozentsatzes des Wertes »entry_cache_timeout« für die Domain abgefragt " +"werden." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:575 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" +"Falls zum Beispiel die Zeitüberschreitung für den Eintragszwischenspeicher " +"der Domain auf 30s und »entry_cache_nowait_percentage« auf 50 Prozent " +"gesetzt wurde, werden Einträge, die in den letzten 15 Sekunden nach der " +"letzen Zwischenspeicheraktualisierung hereinkamen, sofort zurückgegeben, " +"SSSD wird aber den Zwischenspeicher selbst aktualisieren, so dass zukünftige " +"Abfragen nicht blockiert werden müssen, um auf eine " +"Zwischenspeicheraktualisierung zu warten." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:585 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" +"Gültige Werte für diese Option sind 0-99. Sie geben die Prozentzahl des " +"»entry_cache_timeout« für jede Domain an. Aus Leistungsgründen wird diese " +"Prozentzahl die »nowait«-Zeitüberschreitung nie auf weniger als zehn " +"Sekunden senken. (0 schaltet diese Funktionalität aus.)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:593 +msgid "Default: 50" +msgstr "Voreinstellung: 50" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:598 +msgid "entry_negative_timeout (integer)" +msgstr "entry_negative_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:601 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"gibt an, für wie viele Sekunden lang »nss_sss« negative " +"Zwischenspeichertreffer zwischenspeichern soll (das heißt, Abfragen " +"ungültiger Datenbankeinträge, wie solche, die nicht existieren), bevor das " +"Backend erneut gefragt wird)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:607 sssd.conf.5.xml:1117 +msgid "Default: 15" +msgstr "Voreinstellung: 15" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:612 +msgid "filter_users, filter_groups (string)" +msgstr "filter_users, filter_groups (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:615 +msgid "" +"Exclude certain users from being fetched from the sss NSS database. This is " +"particularly useful for system accounts. This option can also be set per-" +"domain or include fully-qualified names to filter only users from the " +"particular domain." +msgstr "" +"schließt bestimmte Nutzer von der Abfrage aus der SSS-NSS-Datenbank aus, was " +"insbesondere für Systemkonten nützlich ist. Diese Option kann auch pro " +"Domain gesetzt werden oder voll qualifizierte Namen enthalten, um nur Nutzer " +"von einer bestimmten Domain herauszufiltern." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:622 +msgid "Default: root" +msgstr "Voreinstellung: root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:627 +msgid "filter_users_in_groups (bool)" +msgstr "filter_users_in_groups (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:630 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" +"Falls Sie möchten, dass gefilterte Nutzer weiterhin Gruppenmitglieder sind, " +"setzen Sie diese Option auf »false«." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:641 +msgid "fallback_homedir (string)" +msgstr "fallback_homedir (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:644 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" +"setzt eine Standardschablone für das Home-Verzeichnis eines Nutzers, falls " +"es nicht explizit durch den Datenanbieter der Domain angegeben wurde." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:649 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" +"Die für diese Option verfügbaren Werte sind dieselben wie für " +"»override_homedir«." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:655 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" +"fallback_homedir = /home/%u\n" +" " + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:653 sssd.conf.5.xml:1020 sssd.conf.5.xml:1039 +#: sssd-krb5.5.xml:533 include/override_homedir.xml:55 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "Beispiel: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:659 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" +"Voreinstellung: nicht gesetzt (kein Ersetzen nicht gesetzter Home-" +"Verzeichnisse)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:665 +msgid "override_shell (string)" +msgstr "override_shell (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:668 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" +"Setzt die Anmeldeshell für alle Benutzer außer Kraft. Diese Option genießt " +"Vorrecht vor allen anderen Shell-Optionen, falls sie Wirkung zeigt und kann " +"entweder im Abschnitt [nss] oder für jede Domain gesetzt werden." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:674 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" +"Voreinstellung: nicht gesetzt (SSSD wird den von LDAP erhaltenen Wert " +"benutzen)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:680 +msgid "allowed_shells (string)" +msgstr "allowed_shells (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:683 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" +"beschränkt die Shell des Nutzers auf eine der aufgeführten Werte. Die " +"Reihenfolge der Auswertung ist:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:686 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "1. Falls die Shell in »/etc/shells« vorhanden ist, wird sie benutzt." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:690 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" +"2. Falls die Shell in der Liste »allowed_shells«, aber nicht in »/etc/" +"shells« steht, wird der Wert des Parameters »shell_fallback« verwendet." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:695 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" +"3. Falls die Shell weder in der Liste »allowed_shells« noch in »/etc/shells« " +"steht, wird eine Nicht-Login-Shell benutzt." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:703 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:710 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" +"Eine leere Zeichenkette als Shell wird, so wie sie ist, an Libc übergeben." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:713 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" +"»/etc/shells« wird nur beim Start von SSSD gelesen. Das bedeutet, dass im " +"Fall einer neu installierten Shell ein Neustart von SSSD nötig ist." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:717 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" +"Voreinstellung: nicht gesetzt. Die Benutzer-Shell wird automatisch verwendet." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:722 +msgid "vetoed_shells (string)" +msgstr "vetoed_shells (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:725 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "ersetzt jedwede Instanz dieser Shells durch die aus »shell_fallback«." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:730 +msgid "shell_fallback (string)" +msgstr "shell_fallback (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:733 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" +"Die Standard-Shell, die benutzt werden soll, falls eine erlaubte Shell nicht " +"auf dem Rechner installiert ist." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "Default: /bin/sh" +msgstr "Voreinstellung: /bin/sh" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +msgid "default_shell" +msgstr "default_shell" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:745 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" +"Die zu verwendende Vorgabeshell, falls der Anbieter während des Suchvorgangs " +"nichts zurückgibt. Diese Option kann entweder im Abschnitt [nss] oder für " +"jede Domain gesetzt werden." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:751 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" +"Voreinstellung: nicht gesetzt (Falls keine Shell angegeben wurde, wird NULL " +"zurückgegeben und darauf vertraut, dass Libc es, wenn nötig, durch etwas " +"Vernünftiges, üblicherweise /bin/sh, ersetzt.)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:758 sssd.conf.5.xml:950 +msgid "get_domains_timeout (int)" +msgstr "get_domains_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:761 sssd.conf.5.xml:953 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" +"gibt die Zeit in Sekunden an, während der die Liste der Subdomains als " +"gültig erachtet wird." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:770 +msgid "memcache_timeout (int)" +msgstr "memcache_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:773 +#, fuzzy +#| msgid "" +#| "Specifies time in seconds for which records in the in-memory cache will " +#| "be valid" +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid." +msgstr "" +"gibt die Zeit in Sekunden an, in denen Datensätze im speicherinternen " +"Zwischenspeicher als gültig erachtet werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:777 sssd-ldap.5.xml:706 +msgid "Default: 300" +msgstr "Voreinstellung: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:780 +#, fuzzy +#| msgid "" +#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +#| "applications will not use the fast in memory cache." +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" +"Falls die Umgebungsvariable SSS_NSS_USE_MEMCACHE auf »NO« gesetzt ist, " +"nutzen Client-Anwendungen den schnellen speicherinternen Zwischenspeicher " +"nicht." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:788 sssd-ifp.5.xml:74 +msgid "user_attributes (string)" +msgstr "user_attributes (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:791 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:804 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:816 +msgid "PAM configuration options" +msgstr "PAM-Konfigurationsoptionen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:818 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" +"Diese Optionen können benutzt werden, um den Dienst »Pluggable " +"Authentication Module« (PAM) einzurichten." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:823 +msgid "offline_credentials_expiration (integer)" +msgstr "offline_credentials_expiration (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" +"Wie lange sollen zwischengespeicherte Anmeldungen erlaubt werden, falls der " +"Authentifizierungsanbieter offline ist (in Tagen seit der letzten " +"erfolgreichen Anmeldung)?" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:831 sssd.conf.5.xml:844 +msgid "Default: 0 (No limit)" +msgstr "Voreinstellung: 0 (unbegrenzt)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:837 +msgid "offline_failed_login_attempts (integer)" +msgstr "offline_failed_login_attempts (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:840 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" +"Wieviele fehlgeschlagene Anmeldeversuche sind erlaubt, falls der " +"Authentifizierungsanbieter offline ist?" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:850 +msgid "offline_failed_login_delay (integer)" +msgstr "offline_failed_login_delay (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:853 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" +"die Zeit in Minuten, die nach dem Erreichen von " +"»offline_failed_login_attempts« vergehen muss, bevor ein neuer " +"Anmeldeversuch möglich ist." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" +"Falls dies auf 0 gesetzt ist, kann der Benutzer sich nicht offline " +"authentifizieren, wenn »offline_failed_login_attempts« erreicht wurde. Nur " +"eine erfolgreiche Online-Authentifizierung kann die Offline-" +"Authentifizierung reaktivieren." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:864 sssd.conf.5.xml:917 +msgid "Default: 5" +msgstr "Voreinstellung: 5" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:870 +msgid "pam_verbosity (integer)" +msgstr "pam_verbosity (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:873 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" +"steuert, welche Arten von Nachrichten während der Benutzerauthentifizierung " +"angezeigt werden. Je höher die Zahl, desto mehr Nachrichten werden angezeigt." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "Currently sssd supports the following values:" +msgstr "Derzeit unterstützt SSSD folgende Werte:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:881 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "<emphasis>0</emphasis>: keine Nachricht anzeigen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "<emphasis>1</emphasis>: nur wichtige Nachrichten anzeigen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:888 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "<emphasis>2</emphasis>: nur informative Nachrichten anzeigen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:891 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" +"<emphasis>3</emphasis>: alle Nachrichten und Debug-Informationen anzeigen" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:895 sssd.8.xml:63 +msgid "Default: 1" +msgstr "Voreinstellung: 1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:900 +msgid "pam_id_timeout (integer)" +msgstr "pam_id_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:903 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" +"Für alle PAM-Anfragen, während SSSD online ist, wird SSSD versuchen, sofort " +"die zwischengespeicherten Identitätsinformationen für den Benutzer zu " +"aktualisieren. Dadurch wird sichergestellt, dass die Authentifizierung mit " +"den neusten Informationen erfolgt." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" +"Eine vollständige PAM-Konversation kann mehrere PAM-Abfragen durchführen, " +"wie die Kontenverwaltung und das Öffnen von Sitzungen. Diese Option steuert " +"(auf Basis von Client-Anwendungen) wie lange (in Sekunden) die " +"Identitätsinformationen zwischengespeichert werden können, um übermäßig " +"viele Abfragen der Identitätsanbieter zu vermeiden." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:923 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "pam_pwd_expiration_warning (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:926 sssd.conf.5.xml:1550 +msgid "Display a warning N days before the password expires." +msgstr "zeigt N Tage vor Ablauf des Passworts eine Warnung an." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:929 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" +"Bitte beachten Sie, dass der Backend-Server Informationen über die " +"Ablaufzeit des Passworts bereitstellen muss. Fehlt diese Information, kann " +"SSSD keine Warnung anzeigen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:935 sssd.conf.5.xml:1553 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" +"Falls dies auf Null gesetzt ist, wird dieser Filter nicht angewendet, d.h., " +"falls die Ablaufwarnung vom Backend-Server empfangen wurde, wird sie " +"automatisch angezeigt." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:940 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" +"Diese Einstellung kann durch Setzen von <emphasis>pwd_expiration_warning</" +"emphasis> für eine bestimmte Domain außer Kraft gesetzt werden." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 sssd.conf.5.xml:2291 sssd.8.xml:79 +msgid "Default: 0" +msgstr "Voreinstellung: 0" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:962 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:965 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAM responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:971 +msgid "Default: all (All users are allowed to access the PAM responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:975 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:982 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:985 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:989 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:993 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:997 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1006 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1009 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbostiy is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1022 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1031 +#, fuzzy +#| msgid "ldap_ns_account_lock (string)" +msgid "pam_account_locked_message (string)" +msgstr "ldap_ns_account_lock (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1041 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1050 +#, fuzzy +#| msgid "pam_id_timeout (integer)" +msgid "p11_child_timeout (integer)" +msgstr "pam_id_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1053 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1066 +msgid "SUDO configuration options" +msgstr "Sudo-Konfigurationsoptionen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1068 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Diese Optionen können zur Konfiguration des Sudo-Dienstes verwendet werden. " +"Detaillierte Informationen zur Konfiguration von <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"zur Verwendung mit <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> finden Sie in der Handbuchseite zu " +"<citerefentry> <refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1085 +msgid "sudo_timed (bool)" +msgstr "sudo_timed (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1088 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" +"bestimmt, ob die Attribute »sudoNotBefore« und »sudoNotAfter«, die " +"zeitabhängige »sudoers«-Einträge implementieren, ausgewertet werden oder " +"nicht." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1101 +msgid "AUTOFS configuration options" +msgstr "AUTOFS-Konfigurationsoptionen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1103 +msgid "These options can be used to configure the autofs service." +msgstr "" +"Diese Optionen können zum Konfigurieren des Dienstes »autofs« benutzt werden." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1107 +msgid "autofs_negative_timeout (integer)" +msgstr "autofs_negative_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"gibt an, wie viele Sekunden der Autofs-Responder negative Treffer " +"zwischenspeichert (das bedeutet, Abfragen ungültiger Abbildeinträge, wie " +"nicht existierende), bevor das Backend erneut befragt wird." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1126 +msgid "SSH configuration options" +msgstr "SSH-Konfigurationsoptionen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1128 +msgid "These options can be used to configure the SSH service." +msgstr "" +"Diese Optionen können zum Konfigurieren des SSH-Dienstes benutzt werden." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1132 +msgid "ssh_hash_known_hosts (bool)" +msgstr "ssh_hash_known_hosts (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1135 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" +"bestimmt, ob Rechnernamen und Adressen in der verwalteten Datei " +"»known_hosts« zusammengemischt werden oder nicht." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1144 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "ssh_known_hosts_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1147 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" +"bestimmt, wie viele Sekunden lang ein Rechner in der verwalteten Datei " +"»known_hosts« behalten wird, bevor seine Rechnerschlüssel abgefragt werden." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1151 +msgid "Default: 180" +msgstr "Voreinstellung: 180" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1156 +#, fuzzy +#| msgid "mail_dir (string)" +msgid "ca_db (string)" +msgstr "mail_dir (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1159 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1164 +#, fuzzy +#| msgid "Default: /etc/krb5.keytab" +msgid "Default: /etc/pki/nssdb" +msgstr "Voreinstellung: /etc/krb5.keytab" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1172 +msgid "PAC responder configuration options" +msgstr "PAC-Responder-Konfigurationsoptionen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1174 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. " +"If the PAC is decoded and evaluated some of the following operations are " +"done:" +msgstr "" +"Der PAC-Responder arbeitet mit der Autorisierungsdatenerweiterung für " +"»sssd_pac_plugin.so« von MIT Kerberos und einem Subdomain-Anbieter. Die " +"Erweiterung sendet die PAC-Daten während einer GSSAPI-Authentifizierung an " +"den PAC-Responder. Der Subdomain-Anbieter sammelt die SID- und ID-Bereiche " +"der Domain, zu der der Client gehört, und die fernen vertrauenswürdigen " +"Domains vom lokalen Domain-Controller. Falls der PAC entschlüsselt und " +"ausgewertet wurde, werden einige der folgenden Transaktionen durchgeführt:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1183 +msgid "" +"If the remote user does not exist in the cache, it is created. The uid is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"gid will have the same value as the uid. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" +"Falls der ferne Benutzer nicht im Zwischenspeicher existiert, wird er " +"erstellt. Die UID wird mithilfe der SID bestimmt, vertrauenswürdige Domains " +"werden UPGs und GID denselben Wert wie die UID haben. Das Home-Verzeichnis " +"wird auf Basis des Parameters »subdomain_homedir« gesetzt. Die Shell wird " +"standardmäßig leer sein, d.h. die Voreinstellungen des Systems werden " +"benutzt, können jedoch mit dem Parameter »default_shell« überschrieben " +"werden." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1191 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" +"Falls es Gruppen-SIDs von Domains gibt, die SSSD kennt, wird der Benutzer zu " +"diesen Gruppen hinzugefügt." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1197 +msgid "These options can be used to configure the PAC responder." +msgstr "" +"Diese Optionen können zur Konfiguration des PAC-Responders verwendet werden." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1201 sssd-ifp.5.xml:50 +msgid "allowed_uids (string)" +msgstr "allowed_uids (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1204 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" +"gibt die durch Kommata getrennte Liste von UID-Werten oder Benutzernamen an, " +"denen der Zugriff auf den PAC-Responder erlaubt ist. Benutzernamen werden " +"beim Starten zu UIDs aufgelöst." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1210 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" +"Voreinstellung: 0 (Nur dem Benutzer Root ist der Zugriff auf den PAC-" +"Responder gestattet.)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1214 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" +"Bitte beachten Sie, dass, obwohl die UID 0 als Voreinstellung benutzt wird, " +"diese Option sie überschriebt. Falls Sie weiterhin dem Benutzer Root Zugriff " +"auf den PAC-Responder gewähren möchten, was der Normalfall ist, müssen Sie " +"der Liste der erlaubten UIDs auch die 0 hinzufügen." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:1228 +msgid "DOMAIN SECTIONS" +msgstr "DOMAIN-ABSCHNITTE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1235 +msgid "min_id,max_id (integer)" +msgstr "min_id,max_id (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1238 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" +"UID- und GID-Beschränkungen für die Domain. Falls eine Domain einen Eintrag " +"enthält, der jenseits dieser Beschränkungen liegt, wird er ignoriert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" +"Dies beeinflusst die Haupt-GID-Beschränkung für Benutzer. Der Benutzer wird " +"nicht an NSS zurückgegeben, falls entweder die UID oder die Haupt-GID " +"außerhalb des Bereichs liegt. Bei Mitgliedschaften in Nichthauptgruppen " +"werden jene, die im Bereich liegen, wie erwartet gemeldet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1250 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" +"Diese ID-Beschränkungen beeinflussen sogar das Speichern von Einträgen in " +"den Zwischenspeicher und nicht nur ihre Rückgabe über Name oder ID." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1254 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "Voreinstellung: 1 für »min_id«, 0 (keine Beschränkung) für »max_id«" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1260 +msgid "enumerate (bool)" +msgstr "enumerate (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1263 +msgid "" +"Determines if a domain can be enumerated. This parameter can have one of the " +"following values:" +msgstr "" +"bestimmt, ob eine Domain aufgezählt werden kann. Dieser Parameter kann einen " +"der folgenden Werte haben:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1267 +msgid "TRUE = Users and groups are enumerated" +msgstr "TRUE = Benutzer und Gruppen werden aufgezählt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1270 +msgid "FALSE = No enumerations for this domain" +msgstr "FALSE = keine Aufzählungen für diese Domain" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1273 sssd.conf.5.xml:1505 sssd.conf.5.xml:1672 +msgid "Default: FALSE" +msgstr "Voreinstellung: FALSE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1276 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed." +msgstr "" +"Hinweis: Aktivieren der Aufzählung hat mäßige Auswirkungen auf die Leistung " +"von SSSD, während die Aufzählung läuft. Das Vervollständigen der " +"Aufzählungen kann nach dem Start von SSSD mehrere Minuten dauern. Während " +"dieser Zeit werden individuelle Abfragen von Informationen direkt an LDAP " +"gehen, obwohl es aufgrund des Aufzählungsprozesses möglicherweise langsam " +"ist. Speichern einer großen Menge von Einträgen in den Zwischenspeicher, " +"nachdem die Aufzählung vollständig ist, kann ebenfalls CPU-lastig sein, da " +"die Mitgliedschaften neu berechnet werden müssen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1289 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" +"Während die erste Aufzählung läuft, geben Anfragen nach vollständigen " +"Benutzer- oder Gruppenlisten möglicherweise bis zur Fertigstellung keine " +"Ergebnisse zurück." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1294 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" +"Darüber hinaus kann das Aktivieren der Aufzählung dazu führen, dass " +"Netzwerkausfälle erst später entdeckt werden. Dies kommt daher, dass längere " +"Zeitüberschreitungen vonnöten sind, um sicherzustellen, dass das " +"Nachschlagen von Aufzählungen vollständig erfolgreich war. Weitere " +"Informationen finden Sie in den Handbuchseiten für den jeweils aktuell " +"benutzten »id_provider«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1302 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" +"Aus den oben genannten Gründen wird das Aktivieren von Aufzählungen, " +"insbesondere in großen Umgebungen, nicht empfohlen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1310 +msgid "subdomain_enumerate (string)" +msgstr "subdomain_enumerate (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1317 +msgid "all" +msgstr "all" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1318 +msgid "All discovered trusted domains will be enumerated" +msgstr "Alle entdeckten vertrauenswürdigen Domains werden aufgezählt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1321 +msgid "none" +msgstr "none" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1322 +msgid "No discovered trusted domains will be enumerated" +msgstr "Keine der entdeckten vertrauenswürdigen Domains wird aufgezählt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1313 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" +"Legt fest, ob eventuell automatisch erkannte vertrauenswürdige Domains " +"aufgezählt werden sollen. Folgende Werte werden unterstützt: <placeholder " +"type=\"variablelist\" id=\"0\"/> Optional wird eine Liste aus einer oder " +"mehreren Domain-Namen die Aufzählung für genau diese vertrauenswürdigen " +"Domains aktivieren." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1353 +msgid "entry_cache_timeout (integer)" +msgstr "entry_cache_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1356 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" +"bestimmt, wie viele Sekunden lang »nss_sss« Einträge als gültig betrachten " +"soll, bevor das Backend erneut abgefragt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1360 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" +"Die Ablaufzeitstempel werden als Attribute individueller Objekte im " +"Zwischenspeicher gespeichert. Daher zeigt die Änderung der Ablaufzeiten im " +"Zwischenspeicher nur Wirkung bei neu hinzugefügten oder abgelaufenen " +"Einträgen. Sie sollten <citerefentry> <refentrytitle>sss_cache</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> ausführen, um die " +"Aktualisierung von Einträgen zu erzwingen, die bereits zwischengespeichert " +"wurden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1373 +msgid "Default: 5400" +msgstr "Voreinstellung: 5400" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1379 +msgid "entry_cache_user_timeout (integer)" +msgstr "entry_cache_user_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1382 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" +"bestimmt, wie viele Sekunden lang »nss_sss« Benutzereinträge als gültig " +"betrachten soll, bevor das Backend erneut abgefragt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1386 sssd.conf.5.xml:1399 sssd.conf.5.xml:1412 +#: sssd.conf.5.xml:1425 sssd.conf.5.xml:1438 sssd.conf.5.xml:1452 +#: sssd.conf.5.xml:1466 +msgid "Default: entry_cache_timeout" +msgstr "Voreinstellung: entry_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1392 +msgid "entry_cache_group_timeout (integer)" +msgstr "entry_cache_group_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1395 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" +"bestimmt, wie viele Sekunden lang »nss_sss« Gruppeneinträge als gültig " +"betrachten soll, bevor das Backend erneut abgefragt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1405 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "entry_cache_netgroup_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1408 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" +"bestimmt, wie viele Sekunden lang »nss_sss« Netzgruppeneinträge als gültig " +"betrachten soll, bevor das Backend erneut abgefragt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1418 +msgid "entry_cache_service_timeout (integer)" +msgstr "entry_cache_service_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1421 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" +"bestimmt, wie viele Sekunden lang »nss_sss« Diensteinträge als gültig " +"betrachten soll, bevor das Backend erneut abgefragt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1431 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "entry_cache_sudo_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" +"bestimmt, wie viele Sekunden lang Sudo Regeln als gültig betrachten soll, " +"bevor das Backend erneut abgefragt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1444 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "entry_cache_autofs_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1447 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" +"bestimmt, wie viele Sekunden lang der Dienst »autofs« Abbilder des " +"Automounters als gültig betrachten soll, bevor das Backend erneut abgefragt " +"wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1458 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1472 +msgid "refresh_expired_interval (integer)" +msgstr "refresh_expired_interval (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1475 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" +"Legt die Anzahl der Sekunden fest, die SSSD warten soll, bevor eine neuer " +"Prozess der Aktualisierung im Hintergrund ausgelöst wird, bei dem alle " +"abgelaufenen oder beinahe abgelaufenen Daten aktualisiert werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1480 +msgid "" +"The background refresh will process users, groups and netgroups in the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1484 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" +"Sie können in Betracht ziehen, diesen Wert auf 3/4 * entry_cache_timeout zu " +"setzen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1488 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227 +msgid "Default: 0 (disabled)" +msgstr "Voreinstellung: 0 (deaktiviert)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1494 +msgid "cache_credentials (bool)" +msgstr "cache_credentials (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1497 +msgid "Determines if user credentials are also cached in the local LDB cache" +msgstr "" +"bestimmt, ob auch Benutzerberechtigungen im lokalen LDB-Zwischenspeicher " +"zwischengespeichert werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1501 +msgid "User credentials are stored in a SHA512 hash, not in plaintext" +msgstr "" +"Benutzerberechtigungen werden in einem SHA512-Hash, nicht im Klartext " +"gespeichert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1511 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1514 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1521 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1526 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1532 +msgid "account_cache_expiration (integer)" +msgstr "account_cache_expiration (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1535 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" +"Anzahl der Tage, während der Einträge nach einer erfolgreichen Anmeldung im " +"Zwischenspeicher bleiben, bevor sie im Laufe der Zwischenspeicherbereinigung " +"entfernt werden. 0 bedeutet, für immer aufbewahren. Der Wert dieses " +"Parameters muss größer oder gleich »offline_credentials_expiration« sein." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1542 +msgid "Default: 0 (unlimited)" +msgstr "Voreinstellung: 0 (unbegrenzt)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1547 +msgid "pwd_expiration_warning (integer)" +msgstr "pwd_expiration_warning (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1558 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" +"Bitte beachten Sie, dass der Backend-Server Informationen über die " +"Ablaufzeit des Passworts bereitstellen muss. Fehlt diese Information, kann " +"SSSD keine Warnung anzeigen. Außerdem muss für das Backend ein " +"Authentifizierungsanbieter konfiguriert werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1565 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "Voreinstellung: 7 (Kerberos), 0 (LDAP)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1571 +msgid "id_provider (string)" +msgstr "id_provider (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1574 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" +"der für die Domain benutzte Authentifizierungsanbieter. Folgende ID-Anbieter " +"werden unterstützt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1578 +msgid "<quote>proxy</quote>: Support a legacy NSS provider" +msgstr "»proxy«: unterstützt einen veralteten NSS-Anbieter." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1581 sssd.conf.5.xml:1718 +msgid "<quote>local</quote>: SSSD internal provider for local users" +msgstr "»local«: SSSDs interner Anbieter für lokale Benutzer" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1585 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" +"»ldap«: LDAP-Anbieter: Weitere Informationen über die Konfiguration von LDAP " +"finden Sie unter <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1593 sssd.conf.5.xml:1698 sssd.conf.5.xml:1753 +#: sssd.conf.5.xml:1806 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"FreeIPA." +msgstr "" +"»ipa«: Anbieter von FreeIPA und Red Hat Enterprise Identity Management. " +"Weitere Informationen über die Konfiguration von FreeIPA finden Sie unter " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 sssd.conf.5.xml:1707 sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1815 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" +"»ad«: Active-Directory-Anbieter: Weitere Informationen über die " +"Konfiguration von Active Directory finden Sie unter <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "use_fully_qualified_names (bool)" +msgstr "use_fully_qualified_names (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" +"benutzt den vollständigen Namen und die Domain (wie sie durch das " +"»full_name_format« der Domain formatiert wurde) als Anmeldenamen des " +"Benutzers, der an NSS gemeldet wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1621 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" +"Ist dies auf TRUE gesetzt, müssen Anfragen an diese Domain voll " +"qualifizierte Namen benutzen. Falls zum Beispiel <command>getent passwd " +"test</command> in der Domain LOCAL benutzt wird, die einen Benutzer »test« " +"enthält, würde der Benutzer nicht gefunden, <command>getent passwd " +"test@LOCAL</command> würde ihn hingegen finden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1629 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" +"ACHTUNG: Diese Option ist bei Netzgruppen-Suchanfragen wirkungslos, da diese " +"dazu tendieren, verschachtelte Netzgruppen ohne voll qualifizierte Namen " +"einzubeziehen. Bei Netzgruppen werden alle Domains durchsucht, wenn ein " +"nicht voll qualifizierter Name angefragt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1636 +msgid "Default: FALSE (TRUE if default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1642 +msgid "ignore_group_members (bool)" +msgstr "ignore_group_members (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "Do not return group members for group lookups." +msgstr "gibt beim Nachschlagen der Gruppe nicht die Gruppenmitglieder zurück." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1648 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1666 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1677 +msgid "auth_provider (string)" +msgstr "auth_provider (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1680 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" +"der für diese Domain benutzte Authentifizierungsanbieter. Folgende " +"Authentifizierungsanbieter werden unterstützt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 sssd.conf.5.xml:1746 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"»ldap« für native LDAP-Authentifizierung. Weitere Informationen über die " +"Konfiguration von LDAP finden Sie unter <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1691 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"»krb5« für Kerberos-Authentifizierung. Weitere Informationen über die " +"Konfiguration von Kerberos finden Sie unter <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1715 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" +"»proxy« zur Weitergabe der Authentifizierung an irgendein anderes PAM-Ziel" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1722 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "»none« deaktiviert explizit die Authentifizierung." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1725 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" +"Voreinstellung: »id_provider« wird, falls es gesetzt ist, benutzt und kann " +"mit Authentifizierungsanfragen umgehen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1731 +msgid "access_provider (string)" +msgstr "access_provider (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1734 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" +"der für diese Domain benutzte Zugriffssteuerungsanbieter. Es gibt zwei " +"integrierte Zugriffsanbieter (zusätzlich zu denen, die in den installierten " +"Backends enthalten sind). Interne Spezialanbieter sind:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1740 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" +"»permit« gibt immer Zugriff. Es ist der einzige erlaubte Zugriffsanbieter " +"für eine lokale Domain." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1743 +msgid "<quote>deny</quote> always deny access." +msgstr "»deny« verweigert dem Zugriff immer." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1770 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" +"»simple«: Zugriffssteuerung basierend auf Zugriffs- oder " +"Verweigerungslisten. Weitere Informationen über die Konfiguration des " +"einfachen Zugriffsmoduls finden sie unter <citerefentry> <refentrytitle>sssd-" +"simple</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1777 +msgid "Default: <quote>permit</quote>" +msgstr "Voreinstellung: »permit«" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1782 +msgid "chpass_provider (string)" +msgstr "chpass_provider (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1785 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" +"der Anbieter, der Passwortänderungsaktionen für die Domain handhaben soll. " +"Folgende Anbieter von Passwortänderungen werden unterstützt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1790 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" +"»ldap« zum Ändern eines auf einem LDAP-Server gespeicherten Passworts. " +"Weitere Informationen über die Konfiguration von LDAP finden Sie unter " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1798 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"»krb5« zum Ändern des Kerberos-Passworts. Weitere Informationen über die " +"Konfiguration von Kerberos finden Sie unter <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1823 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" +"»proxy« zur Weitergabe der Passwortänderung an irgendein anderes PAM-Ziel" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1827 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "»none« verbietet explizit Passwortänderungen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1830 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" +"Voreinstellung: »auth_provider« wird, falls es gesetzt ist, benutzt und " +"kann mit Passwortänderungsanfragen umgehen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1837 +msgid "sudo_provider (string)" +msgstr "sudo_provider (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1840 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" +"der für diese Domain benutzte Sudo-Anbieter. Folgende Sudo-Anbieter werden " +"unterstützt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1844 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"»ldap« für die in LDAP gespeicherten Regeln. Weitere Informationen über die " +"Konfiguration von LDAP finden Sie unter <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1852 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" +"<quote>ipa</quote> ist gleichbedeutend mit <quote>ldap</quote>, aber mit den " +"Vorgabeeinstellungen für IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1856 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" +"<quote>ad</quote> ist gleichbedeutend mit <quote>ldap</quote>, aber mit den " +"Vorgabeeinstellungen für AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1860 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "»none« deaktiviert explizit Sudo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1863 sssd.conf.5.xml:1941 sssd.conf.5.xml:1982 +#: sssd.conf.5.xml:2007 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" +"Voreinstellung: Falls gesetzt, wird der Wert von »id_provider« benutzt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1867 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Detaillierte Informationen zur Konfiguration von sudo_provider finden Sie in " +"der Handbuchseite zu <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. Es gibt zahlreiche verwendbare " +"Konfigurationsoptionen, mit denen das Verhalten angepasst werden kann. Siehe " +"»ldap_sudo_*« in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1884 +msgid "selinux_provider (string)" +msgstr "selinux_provider (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1887 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" +"der Anbieter, der das Laden der SELinux-Einstellungen handhaben soll. " +"Beachten Sie, dass dieser Anbieter direkt aufgerufen wird, nachdem sich der " +"Zugriffsanbieter beendet hat. Folgende SELinux-Anbieter werden unterstützt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1893 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"»ipa«, um SELinux-Einstellungen von einem IPA-Server zu laden. Weitere " +"Informationen über die Konfiguration von FreeIPA finden Sie unter " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1901 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "»none« verbietet explizit das Abholen von SELinux-Einstellungen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1904 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" +"Voreinstellung: Falls gesetzt, wird der Wert von »id_provider« benutzt. Er " +"kann SELinux-Ladeanfragen handhaben." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1910 +msgid "subdomains_provider (string)" +msgstr "subdomains_provider (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1913 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" +"der Anbieter, der das Abholen von Subdomains handhaben soll. Dieser Wert " +"sollte immer derselbe sein wie »id_provider«. Folgende Subdomain-Anbieter " +"werden unterstützt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1919 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"»ipa«, um eine Liste mit Subdomains von einem IPA-Server zu laden. Weitere " +"Informationen über die Konfiguration von IPA finden Sie unter <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1928 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1937 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "»none« deaktiviert explizit das Abholen von Subdomains." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1948 +msgid "autofs_provider (string)" +msgstr "autofs_provider (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1951 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" +"der für diese Domain benutzte Anbieter von »autofs«. Folgende Anbieter von " +"»autofs« werden unterstützt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1955 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"»ldap«, um in LDAP gespeicherte Abbilder zu laden. Weitere Informationen " +"über die Konfiguration von LDAP finden Sie unter <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" +"»ipa«, um auf einem IPA-Server gespeicherte Abbilder zu laden. Weitere " +"Informationen über die Konfiguration von IPA finden Sie unter <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1970 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote> to load maps stored in an IPA server. See " +#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> for more information on configuring IPA." +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" +"»ipa«, um auf einem IPA-Server gespeicherte Abbilder zu laden. Weitere " +"Informationen über die Konfiguration von IPA finden Sie unter <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1979 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "»none« deaktiviert explizit »autofs«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1989 +msgid "hostid_provider (string)" +msgstr "hostid_provider (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1992 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" +"der Anbieter, der zum Abfragen der Rechneridentitätsinformationen benutzt " +"wird. Folgende Anbieter von »hostid« werden unterstützt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1996 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"»ipa«, um die auf einem IPA-Server gespeicherte Rechneridentität zu laden. " +"Weitere Informationen über die Konfiguration von IPA finden Sie unter " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2004 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "»none« deaktiviert explizit »hostid«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2017 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" +"regulärer Ausdruck, der beschreibt, in welche Bestandteile die Zeichenkette " +"mit Benutzernamen und Domain bei der Auswertung zerlegt werden soll. Die " +"»Domain« kann entweder dem Domain-Namen der SSSD-Konfiguration oder im Fall " +"vertrauenswürdiger IPA-Subdomains und Active-Directory-Domains dem flachen " +"(NetBIOS-) Namen der Domain entsprechen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +"P<name>[^@\\\\]+)$))</quote> which allows three different styles for " +"user names:" +msgstr "" +"Voreinstellung für den AD- oder IPA-Anbieter: »(((?P<Domain>[^\\\\]+)\\" +"\\(?P<Name>.+$))|((?P<Name>[^@]+)@(?P<Domain>.+$))|(^(?" +"P<Name>[^@\\\\]+)$))« " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2031 +msgid "username" +msgstr "Benutzername" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2034 +msgid "username@domain.name" +msgstr "Benutzername@Domain.Name" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "domain\\username" +msgstr "Domain\\Benutzername" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" +"Während die ersten beiden der allgemeinen Voreinstellung entsprechen, wurde " +"die dritte eingeführt, um eine einfache Eingliederung von Benutzern aus " +"Windows-Domains zu ermöglichen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2045 +msgid "" +"Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +"which translates to \"the name is everything up to the <quote>@</quote> " +"sign, the domain everything after that\"" +msgstr "" +"Voreinstellung: »(?P<Name>[^@]+)@?(?P<Domain>[^@]*$)«, was " +"bedeutet »der Name ist alles bis zum »@«-Zeichen, die Domain alles danach«" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2051 +msgid "" +"PLEASE NOTE: the support for non-unique named subpatterns is not available " +"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " +"version 7 or higher can support non-unique named subpatterns." +msgstr "" +"BITTE BEACHTEN SIE: Die Unterstützung für nicht eindeutig benannte " +"Musterteile ist nicht auf allen Plattformen (z.B. RHEL5 und SLES10) " +"vorhanden. Nur Plattformen mit Libpcre Version 7 oder höher können nicht " +"eindeutig benannte Musterteile unterstützen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2058 +msgid "" +"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" +"P<name>) to label subpatterns." +msgstr "" +"BITTE BEACHTEN SIE AUCH: Ältere Versionen von Libpcre unterstützen für " +"Beschriftungsmusterteile nur die Python-Syntax (?P<Name>)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2105 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "Voreinstellung: »%1$s@%2$s«" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2111 +msgid "lookup_family_order (string)" +msgstr "lookup_family_order (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2114 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" +"ermöglicht es, die bei DNS-Abfragen zu bevorzugende Adressfamilie zu wählen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2118 +msgid "Supported values:" +msgstr "unterstützte Werte:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2121 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" +"ipv4_first: versucht die IPv4- und, falls dies fehlschlägt, die IPv6-Adresse " +"nachzuschlagen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2124 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "ipv4_only: versucht, nur Rechnernamen zu IPv4-Adressen aufzulösen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2127 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" +"ipv6_first: versucht die IPv6- und, falls dies fehlschlägt, die IPv4-Adresse " +"nachzuschlagen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2130 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "ipv6_only: versucht, nur Rechnernamen zu IPv6-Adressen aufzulösen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2133 +msgid "Default: ipv4_first" +msgstr "Voreinstellung: ipv4_first" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2139 +msgid "dns_resolver_timeout (integer)" +msgstr "dns_resolver_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2142 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the DNS " +"resolver before assuming that it is unreachable. If this timeout is reached, " +"the domain will continue to operate in offline mode." +msgstr "" +"definiert die Zeit (in Sekunden), die auf eine Antwort vom DNS-Resolver " +"gewartet werden soll, bevor davon ausgegangen wird, dass er nicht erreichbar " +"ist. Falls diese Zeitüberschreitung auftritt, wird die Domain weiterhin im " +"Offline-Modus arbeiten." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2148 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263 +#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248 +msgid "Default: 6" +msgstr "Voreinstellung: 6" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2154 +msgid "dns_discovery_domain (string)" +msgstr "dns_discovery_domain (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2157 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" +"Falls die Dienstsuche im Backend benutzt wird, gibt dies den Domain-Teil der " +"DNS-Dienstabfrage an." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2161 +msgid "Default: Use the domain part of machine's hostname" +msgstr "Voreinstellung: Der Domain-Teil des Rechnernamens wird benutzt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2167 +msgid "override_gid (integer)" +msgstr "override_gid (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2170 +msgid "Override the primary GID value with the one specified." +msgstr "überschreibt die Haupt-GID mit der angegebenen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2176 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2184 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2187 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2193 +msgid "False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2195 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2199 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2202 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2179 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2214 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2220 +msgid "proxy_fast_alias (boolean)" +msgstr "proxy_fast_alias (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2223 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" +"Wenn ein Benutzer oder eine Gruppe anhand des Namen im Anbieter »proxy« " +"nachgeschlagen wird, wird zusätzlich auch die ID aufgelöst. So wird der Name " +"für den Fall, dass er ein Alias ist, in eine »kanonische« Form gebracht. " +"Diese Option auf »True« zu setzen würde SSSD aus Leistungsgründen dazu " +"veranlassen, die ID im Zwischenspeicher nachzuschlagen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2237 +msgid "subdomain_homedir (string)" +msgstr "subdomain_homedir (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2248 +msgid "%F" +msgstr "%F" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2249 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "flacher (NetBIOS-) Name einer Subdomain" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2240 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" +"Dieses Home-Verzeichnis wird als Vorgabewert für alle Subdomains innerhalb " +"dieser Domain im IPA-AD-Trust verwendet. In <emphasis>override_homedir</" +"emphasis> finden Sie Informationen zu möglichen Werten. Außerdem kann die " +"nachfolgende Expansion nur mit <emphasis>subdomain_homedir</emphasis> " +"verwendet werden. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2254 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" +"Der Wert kann mit der Option <emphasis>override_homedir</emphasis> " +"überschrieben werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2258 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "Voreinstellung: <filename>/home/%d/%u</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2263 +msgid "realmd_tags (string)" +msgstr "realmd_tags (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2266 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" +"verschiedene vom Konfigurationsdienst »realmd« für diese Domain gespeicherte " +"Kennzeichnungen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2272 +#, fuzzy +#| msgid "memcache_timeout (int)" +msgid "cached_auth_timeout (int)" +msgstr "memcache_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2275 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2281 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2285 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1230 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Diese Konfigurationsoptionen können in einem Abschnitt einer Domain-" +"Konfiguration vorhanden sein, das heißt, in einem Abschnitt namens " +"<quote>[domain/<replaceable>NAME</replaceable>]</quote> <placeholder type=" +"\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2303 +msgid "proxy_pam_target (string)" +msgstr "proxy_pam_target (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2306 +msgid "The proxy target PAM proxies to." +msgstr "das Proxy-Ziel, an das PAM weiterleitet" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2309 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here." +msgstr "" +"Voreinstellung: standardmäßig nicht gesetzt, Sie müssen eine bestehende PAM-" +"Konfiguration nehmen oder eine neue erstellen und hier den Dienstnamen " +"hinzufügen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2317 +msgid "proxy_lib_name (string)" +msgstr "proxy_lib_name (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2320 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" +"der Name der NSS-Bibliothek, der für die Proxy-Domains benutzt werden soll. " +"Die in der NSS-Funktionen gesuchten Funktionen haben die Form »_nss_" +"$(libName)_$(function)«, zum Beispiel »_nss_files_getpwent«." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2299 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" id=" +"\"0\"/>" +msgstr "" +"gültige Optionen für Proxy-Domains. <placeholder type=\"variablelist\" id=" +"\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2332 +msgid "The local domain section" +msgstr "Der Abschnitt lokale Domain" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2334 +msgid "" +"This section contains settings for domain that stores users and groups in " +"SSSD native database, that is, a domain that uses " +"<replaceable>id_provider=local</replaceable>." +msgstr "" +"Dieser Abschnitt enthält Einstellungen für Domains, die Benutzer und Gruppen " +"ein einer nativen SSSD-Datenbank speichern, das heißt eine Domain, die " +"<replaceable>ID_Anbieter=lokal</replaceable> benutzt." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2341 +msgid "default_shell (string)" +msgstr "default_shell (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2344 +msgid "The default shell for users created with SSSD userspace tools." +msgstr "" +"die Standard-Shell für Anwender, die mit den SSSD-Werkzeugen für den " +"Benutzerbereich erstellt wurde." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2348 +msgid "Default: <filename>/bin/bash</filename>" +msgstr "Voreinstellung: <filename>/bin/bash</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2353 +msgid "base_directory (string)" +msgstr "base_directory (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2356 +msgid "" +"The tools append the login name to <replaceable>base_directory</replaceable> " +"and use that as the home directory." +msgstr "" +"Die Werkzeuge hängen den Anmeldenamen an das <replaceable>Basisverzeichnis</" +"replaceable> und benutzen dies als Home-Verzeichnis." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2361 +msgid "Default: <filename>/home</filename>" +msgstr "Voreinstellung: <filename>/home</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2366 +msgid "create_homedir (bool)" +msgstr "create_homedir (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2369 +msgid "" +"Indicate if a home directory should be created by default for new users. " +"Can be overridden on command line." +msgstr "" +"gibt an, ob standardmäßig ein Home-Verzeichnis für neue Benutzer erstellt " +"werden soll; kann auf der Befehlszeile überschrieben werden" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2373 sssd.conf.5.xml:2385 +msgid "Default: TRUE" +msgstr "Voreinstellung: TRUE" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2378 +msgid "remove_homedir (bool)" +msgstr "remove_homedir (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2381 +msgid "" +"Indicate if a home directory should be removed by default for deleted " +"users. Can be overridden on command line." +msgstr "" +"gibt an, ob das Home-Verzeichnis für gelöschte Benutzer standardmäßig " +"entfernt werden soll; kann auf der Befehlszeile überschrieben werden" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2390 +msgid "homedir_umask (integer)" +msgstr "homedir_umask (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2393 +msgid "" +"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " +"on a newly created home directory." +msgstr "" +"wird von <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> benutzt, um die " +"Standardzugriffsrechte für ein neu erstelltes Home-Verzeichnis anzugeben." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2401 +msgid "Default: 077" +msgstr "Voreinstellung: 077" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2406 +msgid "skel_dir (string)" +msgstr "skel_dir (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2409 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>" +msgstr "" +"die Verzeichnisvorlage, die Dateien und Verzeichnisse enthält, die in das " +"Home-Verzeichnis des Benutzers kopiert werden, wenn das Home-Verzeichnis " +"durch <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> erstellt wird" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2419 +msgid "Default: <filename>/etc/skel</filename>" +msgstr "Voreinstellung: <filename>/etc/skel</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2424 +msgid "mail_dir (string)" +msgstr "mail_dir (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2427 +msgid "" +"The mail spool directory. This is needed to manipulate the mailbox when its " +"corresponding user account is modified or deleted. If not specified, a " +"default value is used." +msgstr "" +"das Spool-Verzeichnis für E-Mails. Dies wird benötigt, um die Mailbox zu " +"manipulieren, wenn das zugehörige Benutzerkonto verändert oder gelöscht " +"wurde. Ist dies nicht angegeben wird ein Standardwert verwendet." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2434 +msgid "Default: <filename>/var/mail</filename>" +msgstr "Voreinstellung: <filename>/var/mail</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2439 +msgid "userdel_cmd (string)" +msgstr "userdel_cmd (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2442 +msgid "" +"The command that is run after a user is removed. The command us passed the " +"username of the user being removed as the first and only parameter. The " +"return code of the command is not taken into account." +msgstr "" +"der Befehl, der nach dem Entfernen eines Benutzers ausgeführt wird. Dem " +"Befehl wird als erster und einziger Parameter der Benutzername des Anwenders " +"übergeben, der entfernt wird. Der Rückgabewert des Befehls wird nicht " +"berücksichtigt." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2448 +msgid "Default: None, no command is run" +msgstr "Voreinstellung: keine, es wird kein Befehl ausgeführt" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2458 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131 +#: sssd-ipa.5.xml:717 sssd-ad.5.xml:955 sssd-krb5.5.xml:564 +#: sss_rpcidmapd.5.xml:98 +msgid "EXAMPLE" +msgstr "BEISPIEL" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:2464 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2460 +msgid "" +"The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" +"Das folgende Beispiel zeigt eine typische SSSD-Konfiguration. Sie beschreibt " +"nicht die Konfiguration der Domains selbst – weitere Einzelheiten finden Sie " +"in der Dokumentation zum Konfigurieren von Domains. <placeholder type=" +"\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "sssd-ldap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "SSSD LDAP-Anbieter" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" +"Diese Handbuchseite beschreibt die Konfiguration von LDAP-Domains für " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Detaillierte Syntax-Informationen finden Sie im Abschnitt " +"»DATEIFORMAT« der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "" +"Sie können SSSD so konfigurieren, dass es mehr als eine LDAP-Domain benutzt." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. If the LDAP server is used only as an identity " +"provider, an encrypted channel is not needed. Please refer to " +"<quote>ldap_access_filter</quote> config option for more information about " +"using LDAP as an access provider." +msgstr "" +"Das LDAP-Backend unterstützt ID-, Authentifizierungs-, Zugriffs- und Chpass-" +"Anbieter. Falls Sie sich bei einem LDAP-Server authentifizieren möchten, " +"wird entweder TLS/SSL oder LDAPS benötigt. <command>sssd</command> " +"unterstützt <emphasis>keine</emphasis> Authentifizierung über einen " +"unverschlüsselten Kanal. Falls der LDAP-Server nur als Identitätsanbieter " +"benutzt wird, wird kein verschlüsselter Kanal benötigt. Weitere " +"Informationen über die Verwendung von LDAP als Zugriffsanbieter finden Sie " +"unter »ldap_access_filter«." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 +msgid "CONFIGURATION OPTIONS" +msgstr "KONFIGURATIONSOPTIONEN" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:60 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "ldap_uri, ldap_backup_uri (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:63 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" +"gibt eine durch Kommata getrennte Liste der LDAP-Server-URIs in der " +"Reihenfolge an, in der sich SSSD mit ihnen verbinden soll. Weitere " +"Informationen über Ausfallsicherung und Redundanz finden Sie im Abschnitt " +"»AUSFALLSICHERUNG«. Falls keine Option angegeben wurde, wird die Dienstsuche " +"aktiviert. Weitere Informationen finden Sie im Abschnitt »DIENSTSUCHE«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" +"Das Format der URI muss dem in RFC 2732 definierten Format entsprechen:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:73 +msgid "ldap[s]://<host>[:port]" +msgstr "ldap[s]://<Rechner>[:Port]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:76 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" +"Wenn Sie explizit IPv6-Adressen verwenden möchten, muss <Rechner> in " +"eckigen Klammern [] stehen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:79 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "Beispiel: ldap://[fc00::126:25]:389" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:85 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:88 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" +"gibt eine durch Kommata getrennte Liste von URIs der LDAP-Server an, mit " +"denen SSSD sich in dieser Reihenfolge verbinden soll, um das Passwort eines " +"Benutzers zu ändern. Weitere Informationen über Ausfallsicherung und " +"Redundanz finden Sie im Abschnitt »AUSFALLSICHERUNG«. " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" +"Um die Dienstsuche zu aktivieren, muss »ldap_chpass_dns_service_name« " +"gesetzt sein." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:99 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "Voreinstellung: leer, d.h., dass »ldap_uri« benutzt wird" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:105 +msgid "ldap_search_base (string)" +msgstr "ldap_search_base (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:108 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" +"der Standardbasis-Domain-Name, der zur Durchführung von LDAP-" +"Benutzeraktionen benutzt wird" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:112 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" +"Beginnend mit SSSD 1.7.0 unterstützt SSSD mehrere Suchgrundlagen mittels der " +"Syntax:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:116 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "" +"search_base[?Gültigkeitsbereich?[Filter][?search_base?Gültigkeitsbereich?" +"[Filter]]*]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" +"Der Gültigkeitsbereich kann entweder »base«, »onelevel« oder »subtree« sein." + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" +"Der Filter muss ein gültiger LDAP-Suchfilter, wie durch http://www.ietf.org/" +"rfc/rfc2254.txt spezifiziert, sein." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220 +#: sss_override.8.xml:135 sss_override.8.xml:232 +msgid "Examples:" +msgstr "Beispiele:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:129 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" +"ldap_search_base = dc=example,dc=com (dies entspricht) ldap_search_base = " +"dc=example,dc=com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:134 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" +"ldap_search_base = cn=host_specific,dc=Beispiel,dc=com?Unterverzeichnis?" +"(host=Dieser_Rechner)?dc=example.com?Unterverzeichnis?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:137 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" +"Hinweis: Mehrere Suchgrundlagen, die sich auf Objekte mit gleichem Namen " +"beziehen, werden nicht unterstützt (zum Beispiel Gruppen mit demselben Namen " +"in zwei unterschiedlichen Suchgrundlagen). Dies wird zu unvorhersehbarem " +"Verhalten auf Client-Rechnern führen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" +"Voreinstellung: Falls nicht gesetzt, wird der Wert der Attribute " +"»defaultNamingContext« oder »namingContexts« vom RootDSE des LDAP-Servers " +"benutzt. Falls »defaultNamingContext« nicht existiert oder ihr Wert leer " +"ist, wird »namingContexts« verwendet. Das Attribut »namingContexts« muss " +"einen einzelnen Wert mit dem Domain-Namen der Suchgrundlage des LDAP-Servers " +"haben, damit dies funktioniert. Mehrere Werte werden nicht unterstützt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:158 +msgid "ldap_schema (string)" +msgstr "ldap_schema (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:161 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" +"gibt den Schematyp an, der gerade auf dem Ziel-LDAP-Server benutzt wird. " +"Abhängig vom ausgewählten Schema können sich die von den Servern geholten " +"Standardattributnamen stark unterscheiden. Die Art, wie einige Attribute " +"gehandhabt werden, kann sich ebenfalls unterscheiden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "Four schema types are currently supported:" +msgstr "Derzeit werden vier Schematypen unterstützt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:172 +msgid "rfc2307" +msgstr "rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:177 +msgid "rfc2307bis" +msgstr "rfc2307bis" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:182 +msgid "IPA" +msgstr "IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:187 +msgid "AD" +msgstr "AD" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:193 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" +"Der Hauptunterschied zwischen diesen Schematypen besteht darin, wie " +"Gruppenmitgliedschaften auf dem Server aufgezeichnet werden. Mit »rfc2307« " +"werden Gruppenmitglieder nach Namen im Attribut <emphasis>memberUid</" +"emphasis> aufgeführt. Mit »rfc2307bis« bis »IPA« werden die " +"Gruppenmitglieder nach Domain-Namen aufgeführt und im Attribut " +"<emphasis>member</emphasis> gespeichert. Der Schematyp »AD« setzt die " +"Attribute passend zu den Werten von Active Directory 2008r2." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:203 +msgid "Default: rfc2307" +msgstr "Voreinstellung: rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:209 +msgid "ldap_default_bind_dn (string)" +msgstr "ldap_default_bind_dn (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:212 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" +"der Standard-Bind-Domain-Name, der zum Durchführen von LDAP-Aktionen benutzt " +"wird" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:219 +msgid "ldap_default_authtok_type (string)" +msgstr "ldap_default_authtok_type (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:222 +msgid "The type of the authentication token of the default bind DN." +msgstr "der Typ des Authentifizierungs-Tokens des Standard-Bind-Domain-Namens" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:226 +msgid "The two mechanisms currently supported are:" +msgstr "Die beiden derzeit unterstützten Mechanismen sind:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:229 +msgid "password" +msgstr "password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:232 +msgid "obfuscated_password" +msgstr "obfuscated_password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:235 +msgid "Default: password" +msgstr "Voreinstellung: password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:241 +msgid "ldap_default_authtok (string)" +msgstr "ldap_default_authtok (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:244 +msgid "" +"The authentication token of the default bind DN. Only clear text passwords " +"are currently supported." +msgstr "" +"das Authentifizierungs-Token des Standard-Bind-Domain-Namens. Derzeit werden " +"nur Klartextpasswörter unterstützt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:251 +msgid "ldap_user_object_class (string)" +msgstr "ldap_user_object_class (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:254 +msgid "The object class of a user entry in LDAP." +msgstr "die Objektklasse eines Benutzereintrags in LDAP" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "Default: posixAccount" +msgstr "Voreinstellung: posixAccount" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:263 +msgid "ldap_user_name (string)" +msgstr "ldap_user_name (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:266 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "das LDAP-Attribut, das zum Anmeldenamen des Benutzers gehört" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:270 +msgid "Default: uid" +msgstr "Voreinstellung: uid" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:276 +msgid "ldap_user_uid_number (string)" +msgstr "ldap_user_uid_number (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:279 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "das LDAP-Attribut, das zu der ID des Benutzers gehört" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "Default: uidNumber" +msgstr "Voreinstellung: uidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:289 +msgid "ldap_user_gid_number (string)" +msgstr "ldap_user_gid_number (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:292 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "das LDAP-Attribut, das zu der Hauptgruppen-ID des Benutzers gehört" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:863 +msgid "Default: gidNumber" +msgstr "Voreinstellung: gidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:302 +msgid "ldap_user_gecos (string)" +msgstr "ldap_user_gecos (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:305 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "das LDAP-Attribut, das zum Gecos-Feld des Benutzers gehört" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:309 +msgid "Default: gecos" +msgstr "Voreinstellung: gecos" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:315 +msgid "ldap_user_home_directory (string)" +msgstr "ldap_user_home_directory (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:318 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" +"das LDAP-Attribut, das den Namen des Home-Verzeichnisses des Benutzers " +"enthält" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "Default: homeDirectory" +msgstr "Voreinstellung: homeDirectory" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:328 +msgid "ldap_user_shell (string)" +msgstr "ldap_user_shell (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:331 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" +"das LDAP-Attribut, das den Pfad zur Standard-Shell des Benutzers enthält" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:335 +msgid "Default: loginShell" +msgstr "Voreinstellung: loginShell" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:341 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:344 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:889 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:355 +msgid "ldap_user_objectsid (string)" +msgstr "ldap_user_objectsid (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:358 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" +"das LDAP-Attribut, das die objectSID eines LDAP-Benutzerobjekts enthält. " +"Dies wird normalerweise nur für Active-Directory-Server benötigt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:363 sssd-ldap.5.xml:904 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:370 +msgid "ldap_user_modify_timestamp (string)" +msgstr "ldap_user_modify_timestamp (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" +"das LDAP-Attribut, das den Zeitstempel der letzten Änderung im " +"übergeordneten Objekt enthält" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144 +msgid "Default: modifyTimestamp" +msgstr "Voreinstellung: modifyTimestamp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:383 +msgid "ldap_user_shadow_last_change (string)" +msgstr "ldap_user_shadow_last_change (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" +"Wenn »ldap_pwd_policy=shadow« benutzt wird, enthält dieser Parameter den " +"Namen eines LDAP-Attributs, das zum entsprechenden Gegenstück von " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> (Datum der letzten Passwortänderung) gehört." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:396 +msgid "Default: shadowLastChange" +msgstr "Voreinstellung: shadowLastChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:402 +msgid "ldap_user_shadow_min (string)" +msgstr "ldap_user_shadow_min (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:405 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" +"Wenn »ldap_pwd_policy=shadow« benutzt wird, enthält dieser Parameter den " +"Namen eines LDAP-Attributs, das zum entsprechenden Gegenstück von " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> (Mindestpasswortalter) gehört." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: shadowMin" +msgstr "Voreinstellung: shadowMin" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_user_shadow_max (string)" +msgstr "ldap_user_shadow_max (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" +"Wenn »ldap_pwd_policy=shadow« benutzt wird, enthält dieser Parameter den " +"Namen eines LDAP-Attributs, das zum entsprechenden Gegenstück von " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> (maximales Passwortalter) gehört." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:432 +msgid "Default: shadowMax" +msgstr "Voreinstellung: shadowMax" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:438 +msgid "ldap_user_shadow_warning (string)" +msgstr "ldap_user_shadow_warning (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:441 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" +"Wenn »ldap_pwd_policy=shadow« benutzt wird, enthält dieser Parameter den " +"Namen eines LDAP-Attributs, das zum entsprechenden Gegenstück von " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> (Passwortwarnperiode) gehört." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:451 +msgid "Default: shadowWarning" +msgstr "Voreinstellung: shadowWarning" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:457 +msgid "ldap_user_shadow_inactive (string)" +msgstr "ldap_user_shadow_inactive (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:460 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" +"Wenn »ldap_pwd_policy=shadow« benutzt wird, enthält dieser Parameter den " +"Namen eines LDAP-Attributs, das zum entsprechenden Gegenstück von " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> (Passwortinaktivitätsperiode) gehört." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:470 +msgid "Default: shadowInactive" +msgstr "Voreinstellung: shadowInactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:476 +msgid "ldap_user_shadow_expire (string)" +msgstr "ldap_user_shadow_expire (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:479 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" +"Wenn »ldap_pwd_policy=shadow« benutzt wird, enthält dieser Parameter den " +"Namen eines LDAP-Attributs, das zum entsprechenden Gegenstück von " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> (Ablaufdatum des Kontos) gehört." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:489 +msgid "Default: shadowExpire" +msgstr "Voreinstellung: shadowExpire" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:495 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "ldap_user_krb_last_pwd_change (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:498 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" +"Wenn »ldap_pwd_policy=mit_kerberos« benutzt wird, enthält dieser Parameter " +"den Namen eines LDAP-Attributs, in dem Datum und Zeit der letzten " +"Passwortänderung in Kerberos gespeichert sind." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "Default: krbLastPwdChange" +msgstr "Voreinstellung: krbLastPwdChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:510 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "ldap_user_krb_password_expiration (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:513 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" +"Wenn »ldap_pwd_policy=mit_kerberos« benutzt wird, enthält dieser Parameter " +"den Namen eines LDAP-Attributs, welches das Datum und die Zeit enthält, wann " +"das aktuelle Passwort erlischt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:519 +msgid "Default: krbPasswordExpiration" +msgstr "Voreinstellung: krbPasswordExpiration" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:525 +msgid "ldap_user_ad_account_expires (string)" +msgstr "ldap_user_ad_account_expires (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:528 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" +"Wenn »ldap_account_expire_policy=ad« benutzt wird, enthält dieser Parameter " +"den Namen eines LDAP-Attributs, in dem die Zeit gespeichert ist, wann das " +"Konto erlischt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:533 +msgid "Default: accountExpires" +msgstr "Voreinstellung: accountExpires" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:539 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "ldap_user_ad_user_account_control (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:542 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" +"Wenn »ldap_account_expire_policy=ad« benutzt wird, enthält dieser Parameter " +"den Namen eines LDAP-Attributs, in dem das Steuer-Bit-Feld des " +"Benutzerkontos gespeichert ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:547 +msgid "Default: userAccountControl" +msgstr "Voreinstellung: userAccountControl" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:553 +msgid "ldap_ns_account_lock (string)" +msgstr "ldap_ns_account_lock (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:556 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" +"Wenn »ldap_account_expire_policy=rhds« oder Entsprechendes benutzt wird, " +"legt dieser Parameter fest, ob Zugriff gewährt wird oder nicht." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:561 +msgid "Default: nsAccountLock" +msgstr "Voreinstellung: nsAccountLock" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:567 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "ldap_user_nds_login_disabled (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:570 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" +"Wenn »ldap_account_expire_policy=nds« benutzt wird, legt dieses Attribut " +"fest, ob Zugriff gewährt wird oder nicht." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:574 sssd-ldap.5.xml:588 +msgid "Default: loginDisabled" +msgstr "Voreinstellung: loginDisabled" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:580 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "ldap_user_nds_login_expiration_time (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:583 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" +"Wenn »ldap_account_expire_policy=nds« benutzt wird, legt dieser Parameter " +"fest, bis zu welchem Datum Zugriff gewährt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "ldap_user_nds_login_allowed_time_map (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" +"Wenn »ldap_account_expire_policy=nds« benutzt wird, legt dieses Attribut die " +"Stunden eines Wochentages fest, in denen Zugriff gewährt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:602 +msgid "Default: loginAllowedTimeMap" +msgstr "Voreinstellung: loginAllowedTimeMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:608 +msgid "ldap_user_principal (string)" +msgstr "ldap_user_principal (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:611 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" +"das LDAP-Attribut, das den Kerberos User Principal Name (UPN/" +"Hauptbenutzername) enthält." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:615 +msgid "Default: krbPrincipalName" +msgstr "Voreinstellung: krbPrincipalName" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:621 +msgid "ldap_user_extra_attrs (string)" +msgstr "ldap_user_extra_attrs (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:624 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" +"Durch Kommata getrennte Liste der LDAP-Attribute, die SSSD zusammen mit den " +"üblichen Benutzerattributen holen soll." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:629 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" +"Die Liste kann entweder nur Namen von LDAP-Attributen enthalten, oder durch " +"Doppelpunkte getrennte Tupel aus Attributnamen des SSSD-Zwischenspeichers " +"und Namen von LDAP-Attributen. Wenn nur die Namen von LDAP-Attributen " +"angegeben werden, wird das Attribut unverändert im Zwischenspeicher " +"gespeichert. Die Verwendung eines benutzerdefinierten SSSD-Attributnamens " +"kann in Umgebungen notwendig sein, in denen mehrere SSSD-Domains mit " +"unterschiedlichen LDAP-Schemata eingerichtet sind." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:639 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" +"Bitte beachten Sie, dass diverse Attributnamen durch SSSD reserviert sind, " +"beispielsweise das Attribut <quote>name</quote>. SSSD würde einen Fehler " +"melden, falls eines der reservierten Attribute als zusätzlicher Attributname " +"verwendet wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:649 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "ldap_user_extra_attrs = telephoneNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:652 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" +"Speichert das Attribut <quote>telephoneNumber</quote> von LDAP als " +"<quote>telephoneNumber</quote> im Zwischenspeicher." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:656 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "ldap_user_extra_attrs = phone:telephoneNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:659 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" +"Speichert das Attribut <quote>telephoneNumber</quote> von LDAP als " +"<quote>phone</quote> im Zwischenspeicher." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:669 +msgid "ldap_user_ssh_public_key (string)" +msgstr "ldap_user_ssh_public_key (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:672 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" +"das LDAP-Attribut, das die öffentlichen SSH-Schlüssel des Benutzers enthält" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:676 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:682 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "ldap_force_upper_case_realm (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:685 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" +"Einige Verzeichnisserver, zum Beispiel Active Directory, könnten den Realm-" +"Teil der UPN in Kleinbuchstaben liefern, was zum Scheitern der " +"Authentifizierung führen kann. Setzen Sie diese Option auf einen Wert " +"ungleich Null, falls Sie einen Realm in Großbuchstaben wünschen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:698 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "ldap_enumeration_refresh_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:701 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" +"gibt an, wie viele Sekunden lang SSSD warten soll, bevor es seinen " +"Zwischenspeicher aufgezählter Datensätze aktualisiert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:712 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "ldap_purge_cache_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:715 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" +"bestimmt, wie oft der Zwischenspeicher auf inaktive Einträge überprüft wird " +"(wie Gruppen ohne Mitglieder und Benutzer, die sich noch nie angemeldet " +"haben) und diese entfernt werden, um Platz zu sparen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:721 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:736 +msgid "ldap_user_fullname (string)" +msgstr "ldap_user_fullname (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:739 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "das LDAP-Attribut, das dem vollständigen Benutzernamen entspricht" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590 +msgid "Default: cn" +msgstr "Voreinstellung: cn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:749 +msgid "ldap_user_member_of (string)" +msgstr "ldap_user_member_of (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:752 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" +"das LDAP-Attribut, das die Gruppenmitgliedschaften des Benutzers aufführt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:756 +msgid "Default: memberOf" +msgstr "Voreinstellung: memberOf" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:762 +msgid "ldap_user_authorized_service (string)" +msgstr "ldap_user_authorized_service (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:765 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" +"Falls »access_provider=ldap« und »ldap_access_order=authorized_service« " +"benutzt werden, wird SSSD die Anwesenheit das Attributs »authorizedService« " +"im LDAP-Eintrag den Benutzers nutzen, um die Zugriffsrechte zu bestimmen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:772 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" +"Ein explizites Verweigern (»!svc«) wird zuerst aufgelöst. Als Zweites sucht " +"SSSD eine explizite Erlaubnis (»svc«) und zuletzt nach »allow_all« (*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:777 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" +"Bitte beachten Sie, dass die Konfigurationsoption »ldap_access_order« " +"»authorized_service« enthalten <emphasis>muss</emphasis>, damit die Option " +"»ldap_user_authorized_service« funktioniert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:784 +msgid "Default: authorizedService" +msgstr "Voreinstellung: authorizedService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:790 +msgid "ldap_user_authorized_host (string)" +msgstr "ldap_user_authorized_host (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:793 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" +"Falls »access_provider=ldap« und »ldap_access_order=host« benutzt werden, " +"wird SSSD die Anwesenheit das Attributs »host« im LDAP-Eintrag den Benutzers " +"verwenden, um die Zugriffsrechte zu bestimmen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:799 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" +"Ein explizites Verweigern (»!host«) wird zuerst aufgelöst. Als Zweites sucht " +"SSSD eine explizite Erlaubnis (»host«) und zuletzt nach »allow_all« (*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" +"Bitte beachten Sie, dass die Konfigurationsoption »ldap_access_order« »host« " +"enthalten <emphasis>muss</emphasis>, damit die Option " +"»ldap_user_authorized_host« funktioniert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:811 +msgid "Default: host" +msgstr "Voreinstellung: host" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:817 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:820 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:824 +msgid "Default: no set in the general case, userCertificate;binary for IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:831 +msgid "ldap_group_object_class (string)" +msgstr "ldap_group_object_class (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:834 +msgid "The object class of a group entry in LDAP." +msgstr "die Objektklasse eines Gruppeneintrags in LDAP" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:837 +msgid "Default: posixGroup" +msgstr "Voreinstellung: posixGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:843 +msgid "ldap_group_name (string)" +msgstr "ldap_group_name (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:846 +msgid "The LDAP attribute that corresponds to the group name." +msgstr "das LDAP-Attribut, das dem Gruppennamen entspricht" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:856 +msgid "ldap_group_gid_number (string)" +msgstr "ldap_group_gid_number (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:859 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "das LDAP-Attribut, das der Gruppen-ID entspricht" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:869 +msgid "ldap_group_member (string)" +msgstr "ldap_group_member (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:872 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "das LDAP-Attribut, das die Namen der Gruppenmitglieder enthält" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:876 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "Voreinstellung: memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:882 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:885 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:896 +msgid "ldap_group_objectsid (string)" +msgstr "ldap_group_objectsid (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:899 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" +"das LDAP-Attribut, das die ObjectSID eines LDAP-Gruppenobjekts enthält. Dies " +"wird normalerweise nur für Active-Directory-Server benötigt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_group_modify_timestamp (string)" +msgstr "ldap_group_modify_timestamp (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:924 +msgid "ldap_group_type (integer)" +msgstr "ldap_group_type (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:927 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" +"Das LDAP-Attribut, das einen Ganzzahlwert enthält, der den Gruppentyp und " +"eventuell weitere Flags enthält." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" +"Dieses Attribut wird derzeit nur vom AD-Anbieter verwendet, um zu ermitteln, " +"ob eine Gruppe eine lokale Domain-Gruppe ist und aus den vertrauenswürdigen " +"Domains herausgefiltert werden sollte." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:938 +msgid "Default: groupType in the AD provider, othewise not set" +msgstr "Voreinstellung: groupType im AD-Anbieter, anderenfalls nicht gesetzt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:945 +#, fuzzy +#| msgid "ldap_group_member (string)" +msgid "ldap_group_external_member (string)" +msgstr "ldap_group_member (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:948 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +#, fuzzy +#| msgid "Default: groupType in the AD provider, othewise not set" +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "Voreinstellung: groupType im AD-Anbieter, anderenfalls nicht gesetzt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:961 +msgid "ldap_group_nesting_level (integer)" +msgstr "ldap_group_nesting_level (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:964 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" +"Falls »ldap_schema« auf ein Format gesetzt ist, das verschachtelte Gruppen " +"(z.B. RFC2307bis) unterstützt, dann steuert diese Option, wie viele Stufen " +"tief SSSD der Verschachtelung folgt. Diese Option hat keine Auswirkungen auf " +"das Schema RFC2307." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" +"Hinweis: Diese Option gibt die garantierte Tiefe verschachtelter Gruppen an, " +"die bei Suchvorgängen verarbeitet werden soll. Dennoch <emphasis>können</" +"emphasis> auch tiefer verschachtelte Gruppen einbezogen werden, falls bei " +"früheren Suchvorgängen die tieferen Ebenen bereits einmal berücksichtigt " +"wurden. Außerdem können folgende Suchvorgänge für andere Gruppen die " +"Ergebnisse des ursprünglichen Suchvorgangs vergrößern, wenn die Suche erneut " +"erfolgt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:980 +#, fuzzy +#| msgid "" +#| "If ldap_group_nesting_level is set to 0 then no nested groups are " +#| "processed at all. However, when connected to Active-Directory Server 2008 " +#| "and later it is furthermore required to disable usage of Token-Groups by " +#| "setting ldap_use_tokengroups to false." +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" +"Falls ldap_group_nesting_level auf 0 gesetzt ist, werden überhaupt keine " +"verschachtelten Gruppen verarbeitet. Es ist außerdem notwendig, für den " +"Active Directory Server 2008 und neuere Versionen die Verwendung von Token-" +"Gruppen zu deaktivieren, indem der boolesche Wert von ldap_use_tokengroups " +"auf »falsch« gesetzt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:989 +msgid "Default: 2" +msgstr "Voreinstellung: 2" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:995 +msgid "ldap_groups_use_matching_rule_in_chain" +msgstr "ldap_groups_use_matching_rule_in_chain" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:998 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which may speed up group lookup operations on deployments with " +"complex or deep nested groups." +msgstr "" +"Diese Option teilt SSSD mit, dass es den Vorteil einer Active-Directory-" +"spezifischen Funktionalität nutzen soll, die Gruppenachschlageoptionen und " +"Bereitstellungen mit komplexen oder tief verschachtelten Gruppen zu " +"beschleunigen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1004 +msgid "" +"In most common cases, it is best to leave this option disabled. It generally " +"only provides a performance increase on very complex nestings." +msgstr "" +"In den meisten Fällen ist es am besten, diese Option deaktiviert zu lassen. " +"Normalerweise führt sie nur bei sehr komplexen Verschachtelungen zu einer " +"Leistungssteigerung." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036 +msgid "" +"If this option is enabled, SSSD will use it if it detects that the server " +"supports it during initial connection. So \"True\" here essentially means " +"\"auto-detect\"." +msgstr "" +"Falls diese Option aktiviert ist und SSSD beim Verbinden feststellt, dass " +"der Server sie unterstützt, wird SSSD sie verwenden. Daher bedeutet hier " +"»True« eigentlich »auto-detect«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042 +msgid "" +"Note: This feature is currently known to work only with Active Directory " +"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" +"windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " +"for more details." +msgstr "" +"Hinweis: Es ist bekannt, dass diese Funktionalität derzeit nur mit Active " +"Directory 2008 R1 und neuer funktioniert. Weitere Einzelheiten finden Sie in " +"der <ulink url=\"http://msdn.microsoft.com/en-us/library/windows/desktop/" +"aa746475%28v=vs.85%29.aspx\"> MSDN™-Dokumentation</ulink>." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048 sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866 include/ldap_id_mapping.xml:244 +msgid "Default: False" +msgstr "Voreinstellung: False" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1027 +msgid "ldap_initgroups_use_matching_rule_in_chain" +msgstr "ldap_initgroups_use_matching_rule_in_chain" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1030 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which might speed up initgroups operations (most notably when " +"dealing with complex or deep nested groups)." +msgstr "" +"Diese Option teilt SSSD mit, dass es den Vorteil einer Active-Directory-" +"spezifischen Funktionalität nutzen soll, die möglicherweise Initgroups-" +"Aktionen beschleunigt (vor allem, beim Umgang mit komplexen oder " +"verschachtelten Gruppen)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1057 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" +"Diese Optionen aktivieren oder deaktivieren die Verwendung des Token-Gruppen-" +"Attributs, wenn »initgroup« für Benutzers des Active Directory Servers 2008 " +"und neuere Versionen ausgeführt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1062 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1068 +msgid "ldap_netgroup_object_class (string)" +msgstr "ldap_netgroup_object_class (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1071 +msgid "The object class of a netgroup entry in LDAP." +msgstr "die Objektklasse eines Netzgruppeneintrags in LDAP" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1074 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" +"Beim IPA-Anbieter sollte stattdessen »ipa_netgroup_object_class« benutzt " +"werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1078 +msgid "Default: nisNetgroup" +msgstr "Voreinstellung: nisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1084 +msgid "ldap_netgroup_name (string)" +msgstr "ldap_netgroup_name (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1087 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "das LDAP-Attribut, das dem Netzgruppennamen entspricht" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" +"Beim IPA-Anbieter sollte stattdessen »ipa_netgroup_name« benutzt werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1101 +msgid "ldap_netgroup_member (string)" +msgstr "ldap_netgroup_member (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1104 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "das LDAP-Attribut, das die Namen der Netzgruppenmitglieder enthält" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1108 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" +"Beim IPA-Anbieter sollte stattdessen »ipa_netgroup_member« benutzt werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "Default: memberNisNetgroup" +msgstr "Voreinstellung: memberNisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1118 +msgid "ldap_netgroup_triple (string)" +msgstr "ldap_netgroup_triple (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1121 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" +"das LDAP-Attribut, das die Netzgruppen-Triples (Rechner, Benutzer, Domain) " +"enthält" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141 +msgid "This option is not available in IPA provider." +msgstr "Diese Option ist für IPA-Anbieter nicht verfügbar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1128 +msgid "Default: nisNetgroupTriple" +msgstr "Voreinstellung: nisNetgroupTriple" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1134 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "ldap_netgroup_modify_timestamp (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1150 +msgid "ldap_service_object_class (string)" +msgstr "ldap_service_object_class (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1153 +msgid "The object class of a service entry in LDAP." +msgstr "die Objektklasse eines Diensteintrags in LDAP" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1156 +msgid "Default: ipService" +msgstr "Voreinstellung: ipService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1162 +msgid "ldap_service_name (string)" +msgstr "ldap_service_name (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1165 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" +"das LDAP-Attribut, das die Namen von Dienstattributen und ihre Alias enthält" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1175 +msgid "ldap_service_port (string)" +msgstr "ldap_service_port (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1178 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "das LDAP-Attribut, das den von diesem Dienst verwalteten Port enthält" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1182 +msgid "Default: ipServicePort" +msgstr "Voreinstellung: ipServicePort" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1188 +msgid "ldap_service_proto (string)" +msgstr "ldap_service_proto (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1191 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" +"das LDAP-Attribut, das die von diesem Dienst verstandenen Protokolle enthält" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "Default: ipServiceProtocol" +msgstr "Voreinstellung: ipServiceProtocol" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1201 +msgid "ldap_service_search_base (string)" +msgstr "ldap_service_search_base (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1206 +msgid "ldap_search_timeout (integer)" +msgstr "ldap_search_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1209 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" +"gibt den Zeitpunkt der Zeitüberschreitung (in Sekunden) an, bis zu dem LDAP-" +"Suchen laufen dürfen, bevor sie abgebrochen und die zwischengespeicherten " +"Ergebnisse zurückgegeben werden (und in den Offline-Modus gegangen wird)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1215 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" +"Hinweis: Diese Option ist in zukünftigen Versionen von SSSD Gegenstand von " +"Änderungen. Sie wird wahrscheinlich an einigen Stellen durch Serien von " +"Zeitüberschreitungspunkten für spezielle Nachschlagetypen ersetzt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1227 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "ldap_enumeration_search_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1230 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" +"gibt den Zeitpunkt der Zeitüberschreitung (in Sekunden) an, bis zu dem LDAP-" +"Suchen nach Benutzer- und Gruppenaufzählungen laufen dürfen, bevor sie " +"abgebrochen und die zwischengespeicherten Ergebnisse zurückgegeben werden " +"(und in den Offline-Modus gegangen wird)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1243 +msgid "ldap_network_timeout (integer)" +msgstr "ldap_network_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1246 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" +"gibt den Zeitpunkt der Zeitüberschreitung (in Sekunden) an, nach dem " +"<citerefentry> <refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> " +"</citerefentry>/<citerefentry> <refentrytitle>select</refentrytitle> " +"<manvolnum>2</manvolnum> </citerefentry> gefolgt von einem <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> zurückkehrt, falls keine Aktivität stattfindet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1269 +msgid "ldap_opt_timeout (integer)" +msgstr "ldap_opt_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1287 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "ldap_connection_expire_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1290 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" +"gibt den Zeitpunkt der Zeitüberschreitung (in Sekunden) an, bis zu dem eine " +"Verbindung zu einem LDAP-Server aufrechterhalten wird. Nach dieser Zeit wird " +"die Verbindung erneut aufgebaut. Wird dies parallel zu SASL/GSSAPI benutzt, " +"wird der frühere der beiden Werte (dieser Wert gegenüber der TGT-" +"Lebensdauer) verwendet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367 +msgid "Default: 900 (15 minutes)" +msgstr "Voreinstellung: 900 (15 Minuten)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1304 +msgid "ldap_page_size (integer)" +msgstr "ldap_page_size (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1307 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" +"gibt die Anzahl der Datensätze an, die in einer einzelnen Anfrage von LDAP " +"empfangen werden. Einige LDAP-Server erzwingen eine Begrenzung des Maximums " +"pro Anfrage." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1312 +msgid "Default: 1000" +msgstr "Voreinstellung: 1000" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1318 +msgid "ldap_disable_paging (boolean)" +msgstr "ldap_disable_paging (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1321 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" +"deaktiviert die Seitenadressierungssteuerung von LDAP. Diese Option sollte " +"benutzt werden, falls der LDAP-Server meldet, dass er die LDAP-" +"Seitenadressierungssteuerung in seinem RootDSE unterstützt, sie jedoch " +"deaktiviert ist oder sich nicht ordnungsgemäß verhält." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1327 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" +"Beispiel: OpenLDAP-Server, bei denen das Seitenadressierungssteuerungsmodul " +"installiert, aber nicht aktiviert ist, werden es im RootDSE melden, sind " +"aber nicht in der Lage, es zu benutzen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1333 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" +"Beispiel: 389 DS hat einen Fehler, durch den es gleichzeitig nur eine " +"einzige Seitenadressierungssteuerung für eine einzelne Verbindung benutzen " +"kann. Bei ausgelasteten Clients kann dies dazu führen, dass manche Anfragen " +"abgelehnt werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1345 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "ldap_disable_range_retrieval (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1348 +msgid "Disable Active Directory range retrieval." +msgstr "deaktiviert die Bereichsabfrage von Active Directory" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1351 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" +"Active Directory begrenzt die Anzahl der Mitglieder, die in einem einzigen " +"Nachschlagen mittels der MaxValRange-Richtlinie empfangen werden können (die " +"Voreinstellung sind 1.500 Mitglieder). Falls eine Gruppe mehr Mitglieder " +"enthält, wird die Antwort eine AD-spezifische Bereichserweiterung enthalten. " +"Diese Option deaktiviert das Auswerten der Bereichserweiterung, daher wird " +"es so aussehen, als ob große Gruppen keine Mitglieder hätten." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1366 +msgid "ldap_sasl_minssf (integer)" +msgstr "ldap_sasl_minssf (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1369 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" +"Wenn mittels SASL mit einem LDAP-Server kommuniziert wird, gibt dies die " +"mindestens nötige Sicherheitsstufe zum Herstellen der Verbindung an. Die " +"Werte dieser Option werden durch OpenLDAP definiert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1375 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" +"Voreinstellung: verwendet die Voreinstellungen des System (normalerweise in " +"»ldap.conf« angegeben)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1382 +msgid "ldap_deref_threshold (integer)" +msgstr "ldap_deref_threshold (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" +"gibt die Anzahl der Gruppenmitglieder an, die aus dem internen " +"Zwischenspeicher fehlen muss, um ein dereferenzierendes Nachschlagen " +"auszulösen. Falls weniger Mitglieder fehlen, werden sie individuell " +"nachgeschlagen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1391 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" +"Sie können dereferenzierendes Nachschlagen komplett ausschalten, indem Sie " +"den Wert auf 0 setzen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1395 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" +"Dereferenzierendes Nachschlagen ist ein Mittel, um alle Gruppenmitglieder in " +"einem einzigen LDAP-Aufruf abzuholen. Verschiedene LDAP-Server können " +"unterschiedliche Methoden zum Dereferenzieren implementieren. Die derzeit " +"unterstützten Server sind 389/RHDS, OpenLDAP und Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1403 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" +"<emphasis>Hinweis:</emphasis> Falls eine der Suchgrundlagen einen Suchfilter " +"angibt, wird die Verbesserung der Leistung beim dereferenzierenden " +"Nachschlagen ohne Rücksicht auf die Einstellung deaktiviert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1416 +msgid "ldap_tls_reqcert (string)" +msgstr "ldap_tls_reqcert (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1419 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" +"gibt an, welche Prüfungen von Server-Zertifikaten in einer TLS-Sitzung " +"durchgeführt werden, falls vorhanden. Dies kann in Form einer der folgenden " +"Werte angegeben werden:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1425 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" +"<emphasis>never</emphasis> = Der Client wird kein Server-Zertifikat prüfen " +"oder anfordern." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1429 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" +"<emphasis>allow</emphasis> = Das Server-Zertifikat wird angefordert. Falls " +"kein Zertifikat bereitgestellt wird, fährt die Sitzung normal fort. Falls " +"ein ungültiges Zertifikat bereitgestellt wird, wird es ignoriert und die " +"Sitzung fährt normal fort." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1436 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" +"<emphasis>try</emphasis> = Das Server-Zertifikat wird angefordert. Falls das " +"Zertifikat bereitgestellt wird, fährt die Sitzung normal fort. Falls ein " +"ungültiges Zertifikat bereitgestellt wird, wird die Sitzung sofort beendet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1442 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" +"<emphasis>demand</emphasis> = Das Server-Zertifikat wird angefordert. Falls " +"kein oder ein ungültiges Zertifikat bereitgestellt wird, wird die Sitzung " +"sofort beendet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1448 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "<emphasis>hard</emphasis> = entspricht »demand«" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1452 +msgid "Default: hard" +msgstr "Voreinstellung: hard" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1458 +msgid "ldap_tls_cacert (string)" +msgstr "ldap_tls_cacert (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1461 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" +"gibt die Datei an, die Zertifikate für alle Zertifizierungstellen enthält, " +"die <command>sssd</command> erkennen wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" +"Voreinstellung: verwendet OpenLDAP-Voreinstellungen, normalerweise aus " +"<filename>/etc/openldap/ldap.conf</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1473 +msgid "ldap_tls_cacertdir (string)" +msgstr "ldap_tls_cacertdir (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1476 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" +"gibt den Pfad eines Verzeichnisses an, das Zertifikate von " +"Zertifizierungstellen in separaten individuellen Dateien enthält. Die " +"Dateinamen sollen normalerweise ein Hash-Wert des Zertifikats gefolgt von " +"».0« sein. Falls verfügbar, kann <command>cacertdir_rehash</command> zum " +"Erstellen der korrekten Namen verwendet werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1491 +msgid "ldap_tls_cert (string)" +msgstr "ldap_tls_cert (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" +"gibt die Datei an, die das Zertifikat für den Schlüssel des Clients enthält." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1504 +msgid "ldap_tls_key (string)" +msgstr "ldap_tls_key (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "Specifies the file that contains the client's key." +msgstr "gibt die Datei an, die den Schlüssel des Clients enthält." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1516 +msgid "ldap_tls_cipher_suite (string)" +msgstr "ldap_tls_cipher_suite (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1519 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1532 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "ldap_id_use_start_tls (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1535 +msgid "" +"Specifies that the id_provider connection must also use <systemitem class=" +"\"protocol\">tls</systemitem> to protect the channel." +msgstr "" +"gibt an, dass die Verbindung »id_provider« auch <systemitem class=\"protocol" +"\">tls</systemitem> benutzen muss, um den Kanal abzusichern." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1545 +msgid "ldap_id_mapping (boolean)" +msgstr "ldap_id_mapping (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1548 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" +"gibt an, dass SSSD versuchen soll, die Benutzer- und Gruppen-ID von den " +"Attributen »ldap_user_objectsid« und »ldap_group_objectsid« abzubilden, " +"statt sich auf »ldap_user_uid_number« und »ldap_group_gid_number« zu " +"verlassen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" +"Derzeit unterstützt diese Funktionalität nur das Abbilden von Active-" +"Directory-ObjectSIDs." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1564 +msgid "ldap_min_id, ldap_max_id (interger)" +msgstr "ldap_min_id, ldap_max_id (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1567 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" +"Im Gegensatz zum SID-basierten ID-Abbilden, das benutzt wird, falls " +"»ldap_id_mapping« auf »true« gesetzt ist, ist der erlaubte ID-Bereich für " +"»ldap_user_uid_number« und »ldap_group_gid_number« offen. In einer " +"Konfiguration mit Unter-Domains und vertrauenswürdigen Domains könnte dies " +"zu ID-Kollisionen führen. Um Kollisionen zu vermeiden, können »ldap_min_id« " +"und »ldap_max_id« zum Begrenzen des erlaubten Bereichs für direkt vom Server " +"gelesene IDs verwendet werden. Unter-Domains können dann andere Bereiche zur " +"Abbildung von IDs wählen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1579 +msgid "Default: not set (both options are set to 0)" +msgstr "Voreinstellung: nicht gesetzt (beide Optionen sind auf 0 gesetzt)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1585 +msgid "ldap_sasl_mech (string)" +msgstr "ldap_sasl_mech (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1588 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI is tested and " +"supported." +msgstr "" +"gibt an, welcher SASL-Mechanismus benutzt werden soll. Derzeit ist nur " +"GSSAPI getestet und wird unterstützt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1598 +msgid "ldap_sasl_authid (string)" +msgstr "ldap_sasl_authid (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1601 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI is used, this " +"represents the Kerberos principal used for authentication to the directory. " +"This option can either contain the full principal (for example host/" +"myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." +msgstr "" +"gibt an, welche SASL-Berechtigungs-ID benutzt werden soll. Wenn GSSAPI " +"verwendet wird, steht dies für den Kerberos-Principal, der für die " +"Authentifizierung zum Verzeichnis benutzt wird. Diese Option kann entweder " +"den vollständigen Principal (zum Beispiel Rechner/MeinRechner@EXAMPLE.COM) " +"oder nur den Namen des Principals (zum Beispiel Rechner/MeinRechner) " +"enthalten." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1609 +msgid "Default: host/hostname@REALM" +msgstr "Voreinstellung Rechner/MeinRechner@BEREICH" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1615 +msgid "ldap_sasl_realm (string)" +msgstr "ldap_sasl_realm (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" +"gibt den SASL-Realm an, der benutzt werden soll. Wurde diese Option nicht " +"angegeben, ist die Voreinstellung der Wert von »krb5_realm«. Falls " +"»ldap_sasl_authid« ebenfalls den Realm enthält, wird diese Option ignoriert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1624 +msgid "Default: the value of krb5_realm." +msgstr "Voreinstellung: der Wert von »krb5_realm«" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1630 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "ldap_sasl_canonicalize (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1633 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" +"Falls dies auf »true« gesetzt wäre, würde die LDAP-Bibliothek ein " +"umgekehrtes Nachschlagen durchführen, um den Rechnernamen während eines SASL-" +"Bind in eine kanonische Form zu bringen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1638 +msgid "Default: false;" +msgstr "Voreinstellung: false;" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1644 +msgid "ldap_krb5_keytab (string)" +msgstr "ldap_krb5_keytab (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "Specify the keytab to use when using SASL/GSSAPI." +msgstr "gibt die Keytab an, wenn SASL/GSSAPI benutzt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" +"Voreinstellung: Keytab des Systems, normalerweise <filename>/etc/krb5." +"keytab</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "ldap_krb5_init_creds (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI." +msgstr "" +"gibt an, dass der »id_provider« Kerberos-Anmeldedaten (TGT) initialisieren " +"soll. Diese Aktion wird nur durchgeführt, falls SASL benutzt wird und der " +"ausgewählte Mechnaismus GSSAPI ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1671 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "ldap_krb5_ticket_lifetime (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1674 +msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." +msgstr "" +"gibt die Lebensdauer eines TGT in Sekunden an, falls GSSAPI benutzt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:849 +msgid "Default: 86400 (24 hours)" +msgstr "Voreinstellung: 86400 (24 Stunden)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "krb5_server, krb5_backup_server (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" +"gibt die durch Kommata getrennte Liste von IP-Adressen bzw. Rechnernamen von " +"Kerberos-Servern in der Reihenfolge an, in der sich SSSD mit ihnen verbinden " +"soll. Weitere Informationen über Ausfallsicherung und Redundanz finden Sie " +"im Abschnitt »AUSFALLSICHERUNG«. An die Adressen oder Rechnernamen kann eine " +"optionale Portnummer (der ein Doppelpunkt vorangestellt ist) angehängt " +"werden. Falls dies leer gelassen wurde, wird die Dienstsuche aktiviert. " +"Weitere Informationen finden Sie im Abschnitt »DIENSTSUCHE«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" +"Wenn die Dienstsuche für Schlüsselverwaltungszentralen- (KDC) oder Kpasswd-" +"Server benutzt wird, durchsucht SSSD zuerst die DNS-Einträge, die_udp als " +"Protokoll angeben. Falls keine gefunden werden, weicht es auf _tcp aus." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" +"Diese Option hieß in früheren Veröffentlichungen von SSSD »krb5_kdcip«. " +"Obwohl der alte Name einstweilen noch in Erinnerung ist, wird Anwendern " +"geraten, ihre Konfigurationsdateien auf die Verwendung von »krb5_server« zu " +"migrieren." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "krb5_realm (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." +msgstr "gibt den Kerberos-REALM an (für SASL/GSSAPI-Authentifizierung)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1719 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" +"Voreinstellung: Systemvoreinstellungen, siehe <filename>/etc/krb5.conf</" +"filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462 +msgid "krb5_canonicalize (boolean)" +msgstr "krb5_canonicalize (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" +"gibt an, ob der Host Principal beim Verbinden mit einem LDAP-Server in eine " +"kanonische Form gebracht werden soll. Diese Funktionalität ist mit MIT " +"Kerberos >= 1.7 verfügbar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "krb5_use_kdcinfo (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" +"gibt an, ob SSSD die Kerberos-Bibliotheken anweisen soll, welcher Realm und " +"welche Schlüsselverwaltungszentralen (KDCs) benutzt werden sollen. Diese " +"Option ist standardmäßig eingeschaltet. Falls Sie sie ausschalten, müssen " +"Sie die Kerberos-Bibliothek mittels der Konfigurationsdatei " +"<citerefentry><refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> einrichten." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" +"Weitere Informationen über die Locator-Erweiterung finden Sie auf der " +"Handbuchseite <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1768 +msgid "ldap_pwd_policy (string)" +msgstr "ldap_pwd_policy (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" +"wählt das Regelwerk, anhand dessen das Client-seitige Erlöschen des " +"Passworts abgeschätzt werden soll. Die folgenden Werte sind erlaubt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" +"<emphasis>none</emphasis> – keine Client-seitige Abschätzung. Diese Option " +"kann keine Server-seitigen Passwortregelwerke deaktivieren." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1781 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired." +msgstr "" +"<emphasis>shadow</emphasis> – benutzt Attribute im Stil von " +"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry>, um abzuschätzen, ob das Passwort erloschen ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1787 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" +"<emphasis>mit_kerberos</emphasis> – verwendet die von MIT Kerberos benutzten " +"Attribute, um zu bestimmen, ob das Passwort erloschen ist. Verwenden Sie " +"»chpass_provider=krb5«, um diese Attribute zu aktualisieren, wenn das " +"Passwort geändert wurde." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1796 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" +"<emphasis>Hinweis</emphasis>: Falls serverseitig eine Passwortregel " +"konfiguriert ist, hat diese stets Vorrang vor der mit dieser Option " +"festgelegten Regel." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1804 +msgid "ldap_referrals (boolean)" +msgstr "ldap_referrals (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1807 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "gibt an, ob automatische Verweisverfolgung aktiviert werden soll." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1811 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" +"Bitte beachten Sie, dass SSSD nur Verweisverfolgung unterstützt, falls es " +"mit OpenLDAP Version 2.4.13 oder höher kompiliert wurde." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1816 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement." +msgstr "" +"Verweisverfolgungen können in Umgebungen, die ausgiebig von ihnen Gebrauch " +"machen, einen Leistungsnachteil erleiden, ein beachtenswertes Beispiel ist " +"Microsoft Active Directory. Falls ihre Installation Verweisverfolgungen " +"nicht tatsächlich benötigt, könnte diese Option auf »false« zu setzen eine " +"merkliche Leistungsverbesserung bringen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1830 +msgid "ldap_dns_service_name (string)" +msgstr "ldap_dns_service_name (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1833 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" +"gibt an, welcher Dienstname bei aktivierter Dienstsuche benutzt werden soll." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 +msgid "Default: ldap" +msgstr "Voreinstellung: ldap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1843 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "ldap_chpass_dns_service_name (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1846 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" +"gibt den Dienstnamen an, der zum Finden eines LDAP-Servers benutzt werden " +"soll, der Passwortänderungen bei aktivierter Dienstsuche ermöglicht." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1851 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "Voreinstellung: nicht gesetzt, d.h. Dienstsuche ist deaktiviert" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1857 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "ldap_chpass_update_last_change (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" +"gibt an, ob das Attribut »ldap_user_shadow_last_change« nach einer " +"Passwortänderung mit Unix-Zeit geändert wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1872 +msgid "ldap_access_filter (string)" +msgstr "ldap_access_filter (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1875 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" +"Falls access_provider = ldap und ldap_access_order = filter ist " +"(Voreinstellung), dann ist diese Option obligatorisch. Sie gibt ein " +"Suchfilterkriterium für LDAP an, dass auf den Benutzer passen muss, damit " +"diesem Zugriff auf den Host gewährt wird. Falls access_provider = ldap und " +"ldap_access_order = filter ist und diese Option nicht gesetzt ist, wird " +"allen Benutzern der Zugriff verweigert. Verwenden Sie access_provider = " +"permit, um dieses Standardverhalten zu ändern. Bitte beachten Sie, dass " +"dieser Filter nur auf den LDAP-Benutzereintrag angewendet wird und daher die " +"auf verschachtelten Gruppen basierende Filterung nicht funktioniert. " +"Beispielsweise zeigt das Active-Directory-Attribut »memberOf« nur auf die " +"unmittelbaren Eltern. Falls die Filterung basierend auf verschachtelten " +"Gruppen erforderlich sein sollte, finden Sie genauere Anweisungen in der " +"Handbuchseite zu <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Example:" +msgstr "Beispiel:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1898 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1902 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" +"In diesem Beispiel wird der Zugriff auf diesen Host auf jene Benutzer " +"beschränkt, deren employeeType-Attribut auf »admin« gesetzt ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice-versa." +msgstr "" +"Die Offline-Zwischenspeicherung ist darauf beschränkt festzulegen, ob bei " +"der letzten Online-Anmeldung des Benutzers Zugriffsrechte gewährt wurden. " +"Falls ja, wird weiterhin offline Zugriff gegeben und umgekehrt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972 +msgid "Default: Empty" +msgstr "Voreinstellung: leer" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_account_expire_policy (string)" +msgstr "ldap_account_expire_policy (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1924 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" +"Mit dieser Option kann eine Client-seitige Abschätzung der " +"Zugriffssteuerungsattribute aktiviert werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1928 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" +"Bitte beachten Sie, dass die Server-seitige Zugriffssteuerung generell " +"empfohlen wird, d.h. der LDAP-Server sollte die Bind-Abfrage sogar dann mit " +"einem geeigneten Fehlercode zurückweisen, wenn das Passwort korrekt ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1935 +msgid "The following values are allowed:" +msgstr "Die folgenden Werte sind erlaubt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" +"<emphasis>shadow</emphasis>: verwendet den Wert von " +"»ldap_user_shadow_expire«, um zu bestimmen, ob das Konto abgelaufen ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1943 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" +"<emphasis>ad</emphasis>: verwendet den Wert des 32-Bit-Felds " +"»ldap_user_ad_user_account_control« und ermöglicht den Zugriff, falls das " +"zweite Bit nicht gesetzt ist. Falls das Attribut fehlt, wird Zugriff " +"gewährt. Außerdem wird die Ablaufzeit des Kontos geprüft." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1950 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: verwenden den Wert von »ldap_ns_account_lock«, um zu prüfen, ob " +"Zugriff erlaubt wird oder nicht." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1956 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" +"<emphasis>nds</emphasis>: Die Werte von " +"»ldap_user_nds_login_allowed_time_map«, »ldap_user_nds_login_disabled« und " +"»ldap_user_nds_login_expiration_time« werden benutzt, um zu überprüfen, ob " +"Zugriff gewährt wird. Falls diese Attribute fehlen, wird Zugriff erteilt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1965 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" +"Bitte beachten Sie, dass die Konfigurationsoption »ldap_access_order« " +"»expire« enthalten <emphasis>muss</emphasis>, damit die Option " +"»ldap_account_expire_policy« funktioniert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1978 +msgid "ldap_access_order (string)" +msgstr "ldap_access_order (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1981 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" +"durch Kommata getrennte Liste von Zugriffssteuerungsoptionen. Folgende Werte " +"sind erlaubt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1985 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "<emphasis>filter</emphasis>: verwendet »ldap_access_filter«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1988 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1998 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2005 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2022 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "<emphasis>expire</emphasis>: verwendet »ldap_account_expire_policy«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2026 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2036 +msgid "" +"The difference between these options is the action taken if user password is " +"expired: pwd_expire_policy_reject - user is denied to log in, " +"pwd_expire_policy_warn - user is still able to log in, " +"pwd_expire_policy_renew - user is prompted to change his password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2044 +msgid "" +"Note If user password is expired no explicit message is prompted by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2048 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2053 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" +"<emphasis>authorized_service</emphasis>: verwendet das Attribut " +"»authorizedService«, um zu bestimmen, ob Zugriff gewährt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2058 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" +"<emphasis>host</emphasis>: verwendet das Attribut »host«, um zu bestimmen, " +"ob Zugriff gewährt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2062 +msgid "Default: filter" +msgstr "Voreinstellung: filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2065 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" +"Bitte beachten Sie, dass es ein Konfigurationsfehler ist, falls ein Wert " +"mehr als einmal benutzt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2072 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2075 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2083 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2086 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2092 +msgid "ldap_deref (string)" +msgstr "ldap_deref (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2095 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" +"gibt an, wie Alias-Dereferenzierung bei einer Suche erledigt wird. Die " +"folgenden Optionen sind erlaubt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2100 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "<emphasis>never</emphasis>: Alias werden nie dereferenziert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2104 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" +"<emphasis>searching</emphasis>: Alias werden auf Unterebenen des " +"Basisobjekts dereferenziert, nicht jedoch beim Orten des Basisobjekts der " +"Suche." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2109 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" +"<emphasis>finding</emphasis>: Alias werden nur beim Orten des Basisobjekts " +"der Suche dereferenziert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2114 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" +"<emphasis>always</emphasis>: Alias werden sowohl bei der Suche als auch beim " +"Orten des Basisobjekts der Suche dereferenziert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2119 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" +"Voreinstellung: leer (Dies wird durch LDAP-Client-Bibliotheken wie " +"<emphasis>never</emphasis> gehandhabt.)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2127 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "ldap_rfc2307_fallback_to_local_users (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2130 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" +"ermöglich, lokale Anwender als Mitglieder einer LDAP-Gruppe für Server " +"beizubehalten, die das Schema RFC2307 benutzen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2134 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" +"In einigen Umgebungen, in denen das Schema RFC2307 verwendet wird, werden " +"lokale Benutzer zu Mitgliedern einer LDAP-Gruppe gemacht, indem ihre Namen " +"dem Attribut »memberUid« hinzugefügt werden. Die eigene Stimmigkeit der " +"Domain wird dabei kompromittiert, daher würde SSSD normalerweise »fehlende« " +"Anwender aus den zwischengespeicherten Gruppenmitgliedschaften entfernen, " +"sobald Nsswitch versucht, Informationen über den Anwender durch Aufrufen von " +"getpw*() oder initgroups() abzurufen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2145 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" +"Diese Option greift auf das Prüfen zurück, ob auf lokale Benutzer Bezug " +"genommen wird und speichert sie, so dass spätere Aufrufe von »initgroups() " +"die lokalen Benutzer um zusätzliche LDAP-Gruppen erweitert werden." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136 +#, fuzzy +#| msgid "ldap_opt_timeout (integer)" +msgid "wildcart_limit (integer)" +msgstr "ldap_opt_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2160 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2164 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2168 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:51 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" +"Alle häufigen Konfigurationsoptionen, die für SSSD-Domains gelten, gelten " +"auch für LDAP-Domains. Umfassende Einzelheiten finden Sie im Abschnitt " +"»DOMAIN-ABSCHNITTE« der Handbuchseite <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2178 +msgid "SUDO OPTIONS" +msgstr "SUDO-OPTIONEN" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2180 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Detaillierte Anweisungen zur Konfiguration von sudo_provider finden Sie in " +"der Handbuchseite zu <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2191 +msgid "ldap_sudorule_object_class (string)" +msgstr "ldap_sudorule_object_class (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2194 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "die Objektklasse eines Sudo-Regeleintrags in LDAP" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2197 +msgid "Default: sudoRole" +msgstr "Voreinstellung: sudoRole" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2203 +msgid "ldap_sudorule_name (string)" +msgstr "ldap_sudorule_name (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2206 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "das LDAP-Attribut, das dem Namen der Sudo-Regel entspricht" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2216 +msgid "ldap_sudorule_command (string)" +msgstr "ldap_sudorule_command (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2219 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "das LDAP-Attribut, das dem Namen des Befehls entspricht" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2223 +msgid "Default: sudoCommand" +msgstr "Voreinstellung: sudoCommand" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2229 +msgid "ldap_sudorule_host (string)" +msgstr "ldap_sudorule_host (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2232 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" +"das LDAP-Attribut, das dem Rechnernamen (oder der IP-Adresse, dem IP-" +"Netzwerk oder des Netzwerkgruppe des Rechners) entspricht" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2237 +msgid "Default: sudoHost" +msgstr "Voreinstellung: sudoHost" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2243 +msgid "ldap_sudorule_user (string)" +msgstr "ldap_sudorule_user (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2246 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" +"das LDAP-Attribut, das dem Benutzernamen (oder der UID, dem Gruppennamen " +"oder der Netzwerkgruppe des Benutzers) entspricht" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2250 +msgid "Default: sudoUser" +msgstr "Voreinstellung: sudoUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2256 +msgid "ldap_sudorule_option (string)" +msgstr "ldap_sudorule_option (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2259 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "das LDAP-Attribut, das den Sudo-Optionen entspricht" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2263 +msgid "Default: sudoOption" +msgstr "Voreinstellung: sudoOption" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2269 +msgid "ldap_sudorule_runasuser (string)" +msgstr "ldap_sudorule_runasuser (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2272 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" +"das LDAP-Attribut, das dem Benutzernamen entspricht, unter dem Befehle " +"ausgeführt werden können" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2276 +msgid "Default: sudoRunAsUser" +msgstr "Voreinstellung: sudoRunAsUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2282 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "ldap_sudorule_runasgroup (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2285 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" +"das LDAP-Attribut, das dem Gruppennamen oder der GID der Gruppe entspricht, " +"worunter Befehle ausgeführt werden können" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2289 +msgid "Default: sudoRunAsGroup" +msgstr "Voreinstellung: sudoRunAsGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2295 +msgid "ldap_sudorule_notbefore (string)" +msgstr "ldap_sudorule_notbefore (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2298 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" +"das LDAP-Attribut, das dem Startdatum und der Startzeit entpricht, wann die " +"Sudo-Regel gültig wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2302 +msgid "Default: sudoNotBefore" +msgstr "Voreinstellung: sudoNotBefore" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2308 +msgid "ldap_sudorule_notafter (string)" +msgstr "ldap_sudorule_notafter (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2311 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" +"das LDAP-Attribut, das dem Ablaufdatum und der Ablaufzeit entspricht, nach " +"der die Sudo-Regel nicht länger gültig ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2316 +msgid "Default: sudoNotAfter" +msgstr "Voreinstellung: sudoNotAfter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2322 +msgid "ldap_sudorule_order (string)" +msgstr "ldap_sudorule_order (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2325 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "das LDAP-Attribut, das dem Reihenfolgenindex der Regel entspricht" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2329 +msgid "Default: sudoOrder" +msgstr "Voreinstellung: sudoOrder" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2335 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "ldap_sudo_full_refresh_interval (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2338 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" +"wie viele Sekunden SSSD zwischen einer vollständigen Aktualisierung von Sudo-" +"Regeln warten wird (wodurch alle auf dem Server gespeicherten Regeln " +"heruntergeladen werden)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2343 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" +"Der Wert muss größer als <emphasis>ldap_sudo_smart_refresh_interval</" +"emphasis> sein." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2348 +msgid "Default: 21600 (6 hours)" +msgstr "Voreinstellung: 21600 (6 Stunden)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2354 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "ldap_sudo_smart_refresh_interval (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2357 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest USN " +"of cached rules)." +msgstr "" +"wie viele Sekunden SSSD warten soll, bevor ein kluges Aktualisieren der Sudo-" +"Regeln ausgeführt wird (wodurch alle Regeln, die eine höhere USN als die " +"höchste USN der zwischengespeicherten Regeln haben, heruntergeladen werden)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2363 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" +"Falls vom Server keine USN-Attribute unterstützt werden, wird stattdessen " +"das Attribut »modifyTimestamp« benutzt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2373 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "ldap_sudo_use_host_filter (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2376 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" +"Falls dies auf »true« gesetzt ist, wird SSSD nur die Regeln herunterladen, " +"die auf diese Maschine angewandt werden können (mittels der IPv4- oder IPv6-" +"Netzwerkadressen und Rechnernamen)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2387 +msgid "ldap_sudo_hostnames (string)" +msgstr "ldap_sudo_hostnames (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2390 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" +"durch Leerzeichen getrennte Listen von Rechnernamen oder voll qualifizierten " +"Domain-Namen, die zum Filtern der Regeln benutzt werden sollen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2395 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" +"Falls diese Option leer ist, wird SSSD versuchen, den Rechnernamen und den " +"voll qualifizierten Domain-Namen automatisch herauszufinden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441 +#: sssd-ldap.5.xml:2459 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" +"Falls <emphasis>ldap_sudo_use_host_filter</emphasis> <emphasis>false</" +"emphasis> ist, hat diese Option keine Auswirkungen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428 +msgid "Default: not specified" +msgstr "Voreinstellung: nicht angegeben" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2411 +msgid "ldap_sudo_ip (string)" +msgstr "ldap_sudo_ip (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2414 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" +"durch Kommata getrennte Liste von IPv4- oder IPv6-Rechner- beziehungsweise " +"Netzwerkadressen, die zum Filtern der Regeln benutzt werden sollen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2419 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" +"Falls diese Option leer ist, wird SSSD versuchen, die Adressen automatisch " +"herauszufinden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2434 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "ldap_sudo_include_netgroups (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2437 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" +"Falls dies auf »true« gesetzt ist, wird SSSD jede Regel herunterladen, die " +"eine Netzgruppe im Attribut »sudoHost« enthält." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2452 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "ldap_sudo_include_regexp (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2455 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" +"Falls dies auf »true« gesetzt ist, wird SSSD jede Regel herunterladen, die " +"einen Platzhalter im Attribut »sudoHost« enthält." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2471 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" +"Diese Handbuchseite beschreibt nur das Abbilden von Attributnamen. Eine " +"umfassende Erklärung der Sudo-bezogenen Attributsemantik finden Sie unter " +"<citerefentry> <refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2481 +msgid "AUTOFS OPTIONS" +msgstr "AUTOFS-OPTIONEN" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2483 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2489 +msgid "ldap_autofs_map_master_name (string)" +msgstr "ldap_autofs_map_master_name (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2492 +msgid "The name of the automount master map in LDAP." +msgstr "Der Name der Automount-Master-Abbildung in LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2495 +msgid "Default: auto.master" +msgstr "Voreinstellung: auto.master" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2502 +msgid "ldap_autofs_map_object_class (string)" +msgstr "ldap_autofs_map_object_class (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2505 +msgid "The object class of an automount map entry in LDAP." +msgstr "die Objektklasse eines Automount-Abbildungseintrags in LDAP" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2508 +msgid "Default: automountMap" +msgstr "Voreinstellung: automountMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2515 +msgid "ldap_autofs_map_name (string)" +msgstr "ldap_autofs_map_name (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2518 +msgid "The name of an automount map entry in LDAP." +msgstr "der Name eines Automount-Abbildungseintrags in LDAP" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2521 +#, fuzzy +#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)" +msgstr "Voreinstellung: memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2529 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "ldap_autofs_entry_object_class (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2532 +#, fuzzy +#| msgid "" +#| "The key of an automount entry in LDAP. The entry usually corresponds to a " +#| "mount point." +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" +"der Schlüssel eines Automount-Eintrags in LDAP. Normalerweise entspricht der " +"Eintrag einem Einhängepunkt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2537 +#, fuzzy +#| msgid "Default: automountMap" +msgid "Default: automount" +msgstr "Voreinstellung: automountMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2544 +msgid "ldap_autofs_entry_key (string)" +msgstr "ldap_autofs_entry_key (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" +"der Schlüssel eines Automount-Eintrags in LDAP. Normalerweise entspricht der " +"Eintrag einem Einhängepunkt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2551 +#, fuzzy +#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)" +msgstr "Voreinstellung: memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2559 +msgid "ldap_autofs_entry_value (string)" +msgstr "ldap_autofs_entry_value (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2566 +msgid "Default: automountInformation" +msgstr "Voreinstellung: automountInformation" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2487 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +msgstr "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2576 +msgid "ADVANCED OPTIONS" +msgstr "ERWEITERTE OPTIONEN" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2583 +msgid "ldap_netgroup_search_base (string)" +msgstr "ldap_netgroup_search_base (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2588 +msgid "ldap_user_search_base (string)" +msgstr "ldap_user_search_base (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2593 +msgid "ldap_group_search_base (string)" +msgstr "ldap_group_search_base (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:2598 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:2600 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no gid mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:2607 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2609 +msgid "ldap_sudo_search_base (string)" +msgstr "ldap_sudo_search_base (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2614 +msgid "ldap_autofs_search_base (string)" +msgstr "ldap_autofs_search_base (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2578 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2631 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" +"Das folgende Beispiel geht davon aus, dass SSSD korrekt konfiguriert ist und " +"LDAP auf eine der Domains im Abschnitt <replaceable>[domains]</replaceable> " +"gesetzt ist." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2637 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:725 sssd-ad.5.xml:963 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 +#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2648 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2650 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2655 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-simple.5.xml:148 sssd-ad.5.xml:978 sssd.8.xml:195 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "ANMERKUNGEN" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2672 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" +"Die Beschreibungen einiger Konfigurationsoptionen auf dieser Handbuchseite " +"basieren auf der Handbuchseite <citerefentry> <refentrytitle>ldap.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> der Distribution " +"OpenLDAP 2.4." + +#. type: Content of: <refentryinfo> +#: pam_sss.8.xml:8 include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - http://" +"fedorahosted.org/sssd</orgname>" +msgstr "" +"<productname>SSSD</productname> <orgname>Die SSSD-Originalautoren – http://" +"fedorahosted.org/sssd</orgname>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:13 pam_sss.8.xml:18 +msgid "pam_sss" +msgstr "pam_sss" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:19 +msgid "PAM module for SSSD" +msgstr "PAM-Modul für SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:24 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:54 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" +"<command>pam_sss.so</command> ist die PAM-Schnittstelle des " +"Systemsicherheitsdienst-Daemons (»System Security Services daemon«/SSSD). " +"Fehler und Ergebnisse werden durch <command>syslog(3)</command> mit der " +"Fertigkeit LOG_AUTHPRIV protokolliert." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:64 +msgid "<option>quiet</option>" +msgstr "<option>quiet</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:67 +msgid "Suppress log messages for unknown users." +msgstr "unterdrückt Protokollnachrichten für unbekannte Benutzer" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:72 +msgid "<option>forward_pass</option>" +msgstr "<option>forward_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:75 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" +"Falls <option>forward_pass</option> gesetzt ist, wird das eingegebene " +"Passwort in den Stapelverabeitungsspeicher gelegt, damit andere PAM-Module " +"es nutzen können." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>use_first_pass</option>" +msgstr "<option>use_first_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" +"Das Argument »use_first_pass« zwingt das Modul ein vorher im " +"Stapelverabeitungsspeicher abgelegtes Passwort zu benutzen. Es wird den " +"Anwender nie fragen. Falls kein Passwort verfügbar oder das Passwort " +"ungeeignet ist, wird dem Benutzer der Zugriff verwehrt." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:93 +msgid "<option>use_authtok</option>" +msgstr "<option>use_authtok</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:96 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" +"Wenn das Passwort geändert wird, erzwingt das Modul, dass das neue Passwort " +"von einem vorher im Stapelverabeitungsspeicher abgelegten Passwortmodul " +"bereitgestellt wird." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>retry=N</option>" +msgstr "<option>retry=N</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" +"Ist dies angegeben, wird der Benutzer weitere N mal nach einem Passwort " +"gefragt, falls die Authentifizierung fehlschlägt. Voreinstellung ist 0." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:108 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" +"Bitte beachten Sie, dass diese Option möglicherweise nicht wie erwartet " +"funktioniert, falls eine Anwendung, die PAM aufruft, den Benutzerdialog " +"selbst abwickelt. Ein typisches Beispiel ist <command>sshd</command> mit " +"<option>PasswordAuthentication</option>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:117 +msgid "<option>ignore_unknown_user</option>" +msgstr "<option>ignore_unknown_user</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:120 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" +"Falls diese Option angegeben ist, aber der Benutzer nicht existiert, gibt " +"das PAM-Modul den Wert PAM_IGNORE zurück. Dies hat zur Folge, dass das PAM-" +"Framework dieses Modul ignoriert." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "<option>ignore_authinfo_unavail</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:131 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" +"Gibt an, dass das PAM-Modul PAM_IGNORE zurückgeben soll, falls der SSSD-" +"Daemon nicht kontaktiert werden kann. Dies hat zur Folge, dass das PAM-" +"Framework dieses Modul ignoriert." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:138 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:142 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:148 +msgid "" +"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> " +"and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:164 +msgid "MODULE TYPES PROVIDED" +msgstr "BEREITGESTELLTE MODULTYPEN" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:165 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" +"Alle Modultypen (<option>account</option>, <option>auth</option>, " +"<option>password</option> und <option>session</option>) werden " +"bereitgestellt." + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:171 +msgid "FILES" +msgstr "DATEIEN" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:172 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" +"Falls ein Zurücksetzen des Passworts durch Root fehlschlägt, weil der " +"zugehörige SSSD-Anbieter das Zurücksetzen von Passwörtern nicht unterstützt, " +"kann eine individuelle Nachricht angezeigt werden. Diese Nachricht kann z.B. " +"Anweisungen enthalten, wie ein Passwort zurückgesetzt wird." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:177 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" +"Die Nachricht wird aus der Datei <filename>pam_sss_pw_reset_message.LOC</" +"filename> gelesen, wobei LOC für eine durch <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry> zurückgegebene Zeichenkette steht. Falls dort keine passende " +"Datei ist, wird der Inhalt von <filename>pam_sss_pw_reset_message.txt</" +"filename> angezeigt. Root muss der Besitzer der Dateien sein und nur Root " +"kann Lese- und Schreibrechte haben, während alle anderen Anwender nur " +"Leserechte haben dürfen." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:187 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" +"Diese Dateien werden im Verzeichnis <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename> gesucht. Falls keine passende Datei vorhanden ist, " +"wird eine allgemeine Nachricht angezeigt." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "sssd_krb5_locator_plugin" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "Kerberos Locator-Plugin" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " +"libraries what Realm and which KDC to use. Typically this is done in " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> which is always read by the Kerberos libraries. " +"To simplify the configuration the Realm and the KDC can be defined in " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> as described in <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" +"Das Kerberos Locator-Plugin <command>sssd_krb5_locator_plugin</command> wird " +"vom Kerberos-Anbieter von <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> verwendet, um für die Kerberos-" +"Bibliotheken festzulegen, welcher Realm und KDC verwendet werden soll. " +"Typischerweise geschieht dies in der Datei <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>, die immer von den Kerberos-Bibliotheken gelesen wird. Um die " +"Konfiguration zu vereinfachen, können Realm und KDC in der Datei " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> definiert werden, so wie es in der Handbuchseite " +"zu <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> beschrieben ist." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:48 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> puts the Realm and the name or IP address of the KDC into " +"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " +"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " +"libraries it reads and evaluates these variables and returns them to the " +"libraries." +msgstr "" +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> legt den Realm und den Namen oder die IP-Adresse der " +"Schlüsselverwaltungszentrale (KDC) in den Umgebungsvariablen SSSD_KRB5_REALM " +"beziehungsweise SSSD_KRB5_KDC ab. Wenn <command>sssd_krb5_locator_plugin</" +"command> durch die Kerberos-Bibliotheken aufgerufen wird, liest es diese " +"Variablen, wertet sie aus und gibt sie an die Bibliotheken zurück." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" +"Nicht alle Kerberos-Implementierungen unterstützen die Verwendung von " +"Erweiterungen. Falls <command>sssd_krb5_locator_plugin</command> nicht auf " +"Ihrem System vorhanden ist, müssen Sie /etc/krb5.conf bearbeiten, damit sie " +"Ihre Kerberos-Einrichtung widerspiegelt." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:69 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" +"Falls die Umgebungsvariable SSSD_KRB5_LOCATOR_DEBUG auf irgendeinen Wert " +"gesetzt ist, werden Debug-Nachrichten an »stderr« gesandt." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "sssd-simple" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" +"die Konfigurationsdatei für den »einfachen« Zugriffssteuerungsanbieter von " +"SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" +"Diese Handbuchseite beschreibt die Konfiguration des einfachen " +"Zugriffssteuerungsanbieters für <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. Eine ausführliche " +"Syntax-Referenz finden Sie im Abschnitt »DATEIFORMAT« der Handbuchseite " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" +"Der einfache Zugriffsanbieter gewährt oder verweigert den Zugriff auf Basis " +"einer Zugriffs- oder Verbotsliste von Benutzer- oder Gruppennamen. Es gelten " +"die folgenden Regeln:" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "Falls alle Listen leer sind, wird Zugriff gewährt." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" +"Falls irgendeine Liste bereitgestellt wird, ist die Reihenfolge der " +"Auswertung »erlauben,verbieten«. Das heißt, dass eine passende verbietende " +"Regeln jede passende erlaubende Regel ersetzt." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" +"Falls eine oder beide »Erlaubnislisten« bereitgestellt werden, ist der " +"Zugriff allen Benutzern verboten, sofern sie nicht auf der Liste erscheinen." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" +"Falls nur »Verbotslisten« bereitgestellt werden, wird der Zugriff allen " +"Benutzern gewährt, sofern sie nicht auf der Liste stehen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "simple_allow_users (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "Durch Kommata getrennte Liste von Benutzern, die sich anmelden dürfen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "simple_deny_users (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" +"Durch Kommata getrennte Liste von Benutzern, denen der Zugriff explizit " +"verwehrt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "simple_allow_groups (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" +"Durch Kommata getrennte Liste von Gruppen, die sich anmelden dürfen. Dies " +"gilt nur für Gruppen innerhalb dieser SSSD-Domain. Lokale Gruppen werden " +"nicht ausgewertet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "simple_deny_groups (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" +"Durch Kommata getrennte Liste von Gruppen, denen der Zugriff explizit " +"verwehrt wird. Dies gilt nur für Gruppen innerhalb dieser SSSD-Domain. " +"Lokale Gruppen werden nicht ausgewertet." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Einzelheiten über die Konfiguration einer SSSD-Domain finden Sie im " +"Abschnitt »DOMAIN-ABSCHNITTE« der Handbuchseite <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" +"Keine Werte für eine der Listen anzugeben ist so, als ob sie ganz " +"übersprungen würde. Hüten Sie sich davor, solange Parameter für den " +"einfachen Anbieter mittels automatischer Skripte erzeugt werden." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" +"Bitte beachten Sie, das es ein Konfigurationsfehler ist, wenn sowohl " +"»simple_allow_users« als auch »simple_deny_users« definiert sind." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" +"Das folgende Beispiel geht davon aus, dass SSSD korrekt konfiguriert ist und " +"example.com eine der im Abschnitt <replaceable>[sssd]</replaceable> " +"erwähnten Domains ist. Die Beispiele zeigen nur die anbieterspezifischen " +"Optionen des einfachen Anbieters." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" +"Die vollständige Hierarchie der Gruppenmitgliedschaft wird aufgelöst, bevor " +"die Zugriffsprüfung ausgeführt wird. Daher können selbst verschachtelte " +"Gruppen Teil der Zugriffslisten werden. Bitte beachten Sie, dass die Option " +"<quote>ldap_group_nesting_level</quote> die Ergebnisse beeinflussen kann und " +"daher auf einen ausreichenden Wert gesetzt werden sollte. Siehe " +"(<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>)." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "sssd-ipa" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "SSSD IPA-Anbieter" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Diese Handbuchseite beschreibt die Konfiguration des IPA-Anbieters für " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Eine ausführliche Syntax-Referenz finden Sie im Abschnitt " +"»DATEIFORMAT« der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" +"Der IPA-Anbieter ist ein Backend, das zum Verbinden mit einem IPA-Server " +"benutzt wird. (Informationen über IPA-Server finden Sie auf der Website " +"»freeipa.org«.) Dieser Anbieter erfordert, dass der Rechner einer IPA-Domain " +"beitritt. Die Konfiguration wird nahezu vollständig selbst ermittelt und " +"direkt vom Server genommen." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" +"Der IPA-Anbieter akzeptiert dieselben Optionen, die vom Identitätsanbieter " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> und dem Authentifizierungsanbieter <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> benutzt werden, mit einigen nachfolgend beschriebenen " +"Ausnahmen." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." +msgstr "" +"Es ist jedoch weder nötig noch empfohlen, diese Optionen zu setzen. Der IPA-" +"Anbieter kann außerdem als Zugriffs- und Chpass-Anbieter benutzt werden. Als " +"Zugriffsanbieter verwendet er HBAC-Regeln (host-based access control/" +"rechnerbasierte Zugriffssteuerung). Bitte wenden Sie sich an freeipa.org, um " +"weitere Informationen über HBAC zu erhalten. Client-seitig ist keine " +"Konfiguration des Zugriffsanbieters erforderlich." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" +"Der IPA-Anbieter wird den PAC-Responder benutzen, falls die Kerberos-Tickets " +"von Anwendern vertrauenswürdiger Realms ein PAC enthalten. Um die " +"Konfiguration zu vereinfachen, wird der PAC-Responder automatisch gestartet, " +"falls der IPA-ID-Anbieter konfiguriert ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:78 +msgid "ipa_domain (string)" +msgstr "ipa_domain (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:81 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" +"gibt den Namen der IPA-Domain an. Dies ist optional. Ist er nicht angegeben, " +"wird der Domain-Name der Konfiguration benutzt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:89 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "ipa_server, ipa_backup_server (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:92 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" +"Die durch Kommata getrennte Liste von IP-Adressen oder Rechnernamen der IPA-" +"Server in der Reihenfolge, in der sich SSSD mit ihnen verbinden soll. " +"Weitere Informationen über Ausfallsicherung und Redundanz finden Sie im " +"Abschnitt »AUSFALLSICHERUNG«. Falls automatisches Auffinden aktiviert ist, " +"ist dies optional. Weitere Informationen finden Sie im Abschnitt " +"»DIENSTSUCHE«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:105 +msgid "ipa_hostname (string)" +msgstr "ipa_hostname (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:108 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host." +msgstr "" +"optional, kann auf Maschinen, bei denen »hostname(5)« nicht den voll " +"qualifizierten Namen in der IPA-Domain widerspiegelt, benutzt werden, um sie " +"zu identifizieren." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:116 sssd-ad.5.xml:780 +msgid "dyndns_update (boolean)" +msgstr "dyndns_update (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:119 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA v2 with the IP address of this client. The update is " +"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " +"for the updates, if it is not otherwise specified by using the " +"<quote>dyndns_iface</quote> option." +msgstr "" +"optional. Diese Option teilt SSSD mit, dass es den in FreeIPA v2 eingebauten " +"DNS-Server mit der IP-Adresse dieses Clients aktualisieren soll. Die " +"Aktualisierung wird mittels GSS-TSIG abgesichert. Für die Aktualisierungen " +"wird die IP-Adresse der IPA-LDAP-Verbindung benutzt, falls in der Option " +"»dyndns_iface« keine andere angegeben wurde." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:128 sssd-ad.5.xml:794 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" +"HINWEIS: Auf älteren Systemen (wie RHEL 5) muss der Standard-Kerberos-Realm " +"ordentlich in /etc/krb5.conf gesetzt sein, damit dies zuverlässig " +"funktioniert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:133 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" +"HINWEIS: Obwohl es immer noch möglich ist, die alte Option " +"<emphasis>ipa_dyndns_update</emphasis> zu benutzen, sollten Anwender auf die " +"Verwendung von <emphasis>dyndns_update</emphasis> in ihrer " +"Konfigurationsdatei migrieren." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:145 sssd-ad.5.xml:805 +msgid "dyndns_ttl (integer)" +msgstr "dyndns_ttl (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:148 sssd-ad.5.xml:808 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" +"die TTL, die beim Aktualisieren auf den Client-DNS-Datensatz angewandt wird. " +"Falls »dyndns_update« »false« ist, hat dies keine Auswirkungen. Diese wird " +"die Server-seitige TTL außer Kraft setzen, falls diese durch einen " +"Administrator gesetzt wurde." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:153 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" +"HINWEIS: Obwohl es immer noch möglich ist, die alte Option " +"<emphasis>ipa_dyndns_ttl</emphasis> zu benutzen, sollten Anwender auf die " +"Verwendung von <emphasis>dyndns_ttl</emphasis> in ihrer Konfigurationsdatei " +"migrieren." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Default: 1200 (seconds)" +msgstr "Voreinstellung: 1200 (Sekunden)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:165 sssd-ad.5.xml:819 +msgid "dyndns_iface (string)" +msgstr "dyndns_iface (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 sssd-ad.5.xml:822 +#, fuzzy +#| msgid "" +#| "Optional. Applicable only when dyndns_update is true. Choose the " +#| "interface whose IP address should be used for dynamic DNS updates." +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" +"optional, nur anwendbar, wenn »dyndns_update« »true« ist. Wählen sie die " +"Schnittstelle, deren IP-Adresse zum Aktualisieren des dynamischen DNS " +"benutzt werden soll." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:175 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" +"HINWEIS: Obwohl es immer noch möglich ist, die alte Option " +"<emphasis>ipa_dyndns_iface</emphasis> zu benutzen, sollten Anwender auf die " +"Verwendung von <emphasis>dyndns_iface</emphasis> in ihrer " +"Konfigurationsdatei migrieren." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 +#, fuzzy +#| msgid "Default: Use the IP address of the IPA LDAP connection" +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "Voreinstellung: verwendet die IP-Adresse der IPA-LDAP-Verbindung" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:185 sssd-ad.5.xml:833 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:191 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "ipa_enable_dns_sites (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160 +msgid "Enables DNS sites - location based service discovery." +msgstr "aktiviert DNS-Sites – standortbasierte Dienstsuche" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example.com" +"\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" +"Ist dies »true« und die Dienstsuche aktiviert (siehe den Abschnitt " +"Dienstsuche am Ende der Handbuchseite), dann wird SSSD zuerst versuchen, " +"eine standortbasierte Suche mittels einer Abfrage, die »_location.hostname." +"example.com« enthält, durchzuführen und dann auf die traditionelle SRV-Suche " +"zurückgreifen. Falls die standortbasierte Suche erfolgreich ist, werden die " +"georteten IPA-Server, die mit der standortbasierten Suche gefunden wurden, " +"als primäre Server betrachtet und die mit der traditionellen SRV-Suche " +"gefundenen als Sicherungsserver." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:217 sssd-ad.5.xml:839 +msgid "dyndns_refresh_interval (integer)" +msgstr "dyndns_refresh_interval (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:220 sssd-ad.5.xml:842 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" +"wie oft das Backend periodische DNS-Aktualisierungen zusätzlich zur " +"automatisch beim Online-Gehen durchgeführten Aktualisierung vornehmen soll. " +"Diese Option ist optional und nur anwendbar, wenn »dyndns_update« »true« ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:233 sssd-ad.5.xml:855 +msgid "dyndns_update_ptr (bool)" +msgstr "dyndns_update_ptr (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:236 sssd-ad.5.xml:858 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" +"ob der PTR-Datensatz ebenfalls explizit aktualisiert werden soll, wenn die " +"DNS-Datensätze des Clients aktualisiert werden; nur anwendbar, wenn " +"»dyndns_update« »true« ist" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" +"Diese Option sollte in den meisten IPA-Bereitstellungen »False« sein, da der " +"IPA-Server die PTR-Datensätze automatisch erzeugt, wenn sich " +"Weiterleitungsdatensätze ändern." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:247 +msgid "Default: False (disabled)" +msgstr "Voreinstellung: False (deaktiviert)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:253 sssd-ad.5.xml:869 +msgid "dyndns_force_tcp (bool)" +msgstr "dyndns_force_tcp (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:256 sssd-ad.5.xml:872 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" +"ob das Hilfswerkzeug Nsupdate standardmäßig TCP zur Kommunikation mit dem " +"DNS-Server verwenden soll" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:876 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "Voreinstellung: False (lässt Nsupdate das Protokoll auswählen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 sssd-ad.5.xml:882 +#, fuzzy +#| msgid "dyndns_iface (string)" +msgid "dyndns_server (string)" +msgstr "dyndns_iface (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 sssd-ad.5.xml:885 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 sssd-ad.5.xml:890 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:895 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 sssd-ad.5.xml:900 +#, fuzzy +#| msgid "Default: False (let nsupdate choose the protocol)" +msgid "Default: None (let nsupdate choose the server)" +msgstr "Voreinstellung: False (lässt Nsupdate das Protokoll auswählen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:290 +msgid "ipa_hbac_search_base (string)" +msgstr "ipa_hbac_search_base (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:293 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" +"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für HBAC-" +"bezogene Objekte" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:297 +msgid "Default: Use base DN" +msgstr "Voreinstellung: verwendet Basis-DN" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_host_search_base (string)" +msgstr "ipa_host_search_base (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" +"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für " +"Rechnerobjekte" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 sssd-ipa.5.xml:329 sssd-ipa.5.xml:348 sssd-ipa.5.xml:367 +#: sssd-ipa.5.xml:386 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" +"Informationen über das Konfigurieren mehrerer Suchgrundlagen finden Sie " +"unter »ldap_search_base«." + +#. type: Content of: <listitem><para> +#: sssd-ipa.5.xml:315 sssd-ipa.5.xml:334 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "Voreinstellung: der Wert von <emphasis>ldap_search_base</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:322 +msgid "ipa_selinux_search_base (string)" +msgstr "ipa_selinux_search_base (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:325 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" +"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für " +"SELinux-Benutzerabbildungen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:341 +msgid "ipa_subdomains_search_base (string)" +msgstr "ipa_subdomains_search_base (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:344 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" +"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für " +"vertrauenswürdige Domains" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:353 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "Voreinstellung: der Wert von <emphasis>cn=trusts,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:360 +msgid "ipa_master_domain_search_base (string)" +msgstr "ipa_master_domain_search_base (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:363 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" +"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für das " +"Master-Domain-Objekt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:372 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "Voreinstellung: der Wert von <emphasis>cn=ad,cn=etc,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:379 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:382 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:391 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:398 sssd-krb5.5.xml:254 +msgid "krb5_validate (boolean)" +msgstr "krb5_validate (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:401 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed." +msgstr "" +"prüft mit Hilfe von »krb5_keytab«, ob das erhaltene TGT keine Täuschung ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:408 sssd-ad.5.xml:921 +msgid "" +"Note that this default differs from the traditional Kerberos provider back " +"end." +msgstr "" +"Beachten Sie, dass sich diese Voreinstellung vom traditionellen Backend des " +"Kerberos-Anbieters unterscheidet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" +"der Name des Kerberos-Realm. Dieser ist optional. Standardmäßig ist es der " +"Wert von »ipa_domain«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" +"der Name des Kerberos-Realms hat in IPA eine besondere Bedeutung – er wird " +"in den Basis-DN umgewandelt, um ihn zur Durchführung von LDAP-Transaktionen " +"zu verwenden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:433 +msgid "" +"Specifies if the host and user principal should be canonicalized when " +"connecting to IPA LDAP and also for AS requests. This feature is available " +"with MIT Kerberos >= 1.7" +msgstr "" +"gibt an, ob der Rechner und User Principal beim Verbinden mit IPA-LDAP und " +"bei AS-Abfragen in die kanonische Form gebracht werden sollen. Diese " +"Funktionalität ist mit Kerberos >= 1.7 verfügbar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 sssd-krb5.5.xml:416 +msgid "krb5_use_fast (string)" +msgstr "krb5_use_fast (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 sssd-krb5.5.xml:419 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" +"Schaltet das flexible Authentifizierungs-Sicherheits-Tunneln (FAST) für die " +"Vorauthentifizierung von Kerberos ein. Die folgenden Optionen werden " +"unterstützt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:454 +msgid "<emphasis>never</emphasis> use FAST." +msgstr "FAST wird <emphasis>nie</emphasis> verwendet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:457 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it. This is equivalent to not setting " +"this option at all." +msgstr "" +"Es wird <emphasis>versucht</emphasis>, FAST zu verwenden. Sollte der Server " +"FAST nicht unterstützen, wird die Authentifizierung ohne FAST fortgesetzt. " +"Dies ist gleichbedeutend damit, dass diese Option überhaupt nicht gesetzt " +"wurde." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:463 sssd-krb5.5.xml:433 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" +"<emphasis>demand</emphasis>: Fragt nach, ob FAST benutzt werden soll. Die " +"Authentifizierung schlägt fehl, falls der Server kein FAST erfordert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:468 +msgid "Default: try" +msgstr "Voreinstellung: try" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 sssd-krb5.5.xml:444 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" +"HINWEIS: SSSD unterstützt FAST nur mit MIT-Kerberos-Version 1.8 und neuer. " +"Falls SSSD mit einer älteren Version von MIT-Kerberos benutzt wird, ist die " +"Verwendung dieser Option ein Konfigurationsfehler." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:480 sssd-ad.5.xml:928 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 sssd-ad.5.xml:931 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:487 sssd-ad.5.xml:935 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 sssd-ad.5.xml:939 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:498 +msgid "ipa_hbac_refresh (integer)" +msgstr "ipa_hbac_refresh (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:501 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" +"die Zeit zwischen dem Abrufen der HBAC-Regeln beim IPA-Server. Dies wird die " +"Wartezeit und Belastung des IPA-Servers verringern, falls dort viele " +"Zugriffssteuerungsanfragen in einer kurzen Zeitspanne ankommen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355 +msgid "Default: 5 (seconds)" +msgstr "Voreinstellung: 5 (Sekunden)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:514 +msgid "ipa_hbac_selinux (integer)" +msgstr "ipa_hbac_selinux (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:517 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" +"die Zeit zwischen den Abrufen der SELinux-Abbildungen beim IPA-Server. Dies " +"wird die Wartezeit und Belastung des IPA-Servers verringern, falls dort " +"viele Benutzeranmeldeanfragen in einer kurzen Zeitspanne ankommen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:530 +msgid "ipa_server_mode (boolean)" +msgstr "ipa_server_mode (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:533 +msgid "This option should only be set by the IPA installer." +msgstr "Diese Option sollte nur vom IPA-Installer gesetzt werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:537 +msgid "" +"The option denotes that the SSSD is running on IPA server and should perform " +"lookups of users and groups from trusted domains differently." +msgstr "" +"Die Option zeigt an, dass SSSD auf einem IPA-Server läuft und dass das " +"Nachschlagen von Benutzern und Gruppen von vertrauenswürdigen Domains anders " +"durchgeführt werden sollte." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:548 +msgid "ipa_automount_location (string)" +msgstr "ipa_automount_location (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:551 +msgid "The automounter location this IPA client will be using" +msgstr "der Ort des Automounters, den dieser IPA-Client benutzen wird" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:554 +msgid "Default: The location named \"default\"" +msgstr "Voreinstellung: der Ort namens »default«" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:562 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:571 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:577 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:583 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:586 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:596 +msgid "ipa_overide_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:599 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:602 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:608 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:611 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:615 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:621 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:624 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:632 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:635 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:638 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:641 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:647 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:650 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:655 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:661 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:664 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:669 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:672 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:675 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:680 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:564 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:690 +msgid "SUBDOMAINS PROVIDER" +msgstr "ANBIETER VON UNTER-DOMAINS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:692 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" +"Der Anbieter für IPA-Subdomains verhält sich geringfügig anders, je nachdem, " +"ob er explizit oder implizit konfiguriert wurde." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:696 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" +"Falls die Option »subdomains_provider = ipa« im Domain-Abschnitt der »sssd." +"conf« gefunden wird, wird der IPA-Subdomain-Anbieter explizit konfiguriert " +"und alle Subdomain-Anfragen werden, falls nötig, an den IPA-Server gesandt." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:702 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" +"Falls die Option »subdomains_provider« nicht im Domain-Abschnitt der »sssd." +"conf« gesetzt ist, es dort aber die Option »id_provider = ipa« gibt, wird " +"der IPA-Subdomain-Anbieter implizit konfiguriert. In diesem Fall wird der " +"IPA-Anbieter deaktiviert, falls eine Subdomain-Anfrage fehlschlägt und " +"anzeigt, dass der Server keine Subdomains unterstützt, d.h. nicht zum " +"Vertrauen konfiguriert ist. Nach einer Stunde oder nachdem der IPA-Server " +"online gegangen ist, wird der Subdomain-Anbieter erneut aktiviert." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:719 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" +"Das folgende Beispiel geht davon aus, dass SSSD korrekt konfiguriert und " +"example.com eine der im Abschnitt <replaceable>[sssd]</replaceable> " +"erwähnten Domänen ist. Diese Beispiele zeigen nur die anbieterspezifischen " +"Optionen von IPA." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:726 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "sssd-ad" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "SSSD Active-Directory-Anbieter" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Diese Handbuchseite beschreibt die Konfiguration des AD-Anbieters für " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Eine ausführliche Syntax-Referenz finden Sie im Abschnitt " +"»DATEIFORMAT« der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available." +msgstr "" +"Der AD-Anbieter ist ein Backend, das für die Verbindung zu einem Active-" +"Directory-Server benutzt wird. Dieser Anbieter erfordert, dass die Maschine " +"der AD-Domain beigetreten und eine Keytab verfügbar ist." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:41 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" +"Der AD-Anbieter unterstützt das Verbinden mit Active Directory 2008 R2 oder " +"neuer. Frühere Versionen könnten funktionieren, werden aber nicht " +"unterstützt." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:45 +#, fuzzy +#| msgid "" +#| "The AD provider is able to provide identity information and " +#| "authentication for entities from trusted domains as well. Currently only " +#| "trusted domains in the same forest are recognized." +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" +"Der AD-Anbieter stellt Identitätsinformationen bereit und ermöglicht die " +"Authentifizierung für Einträge in vertrauenswürdigen Domains. Derzeit werden " +"nur vertrauenswürdige Domains im gleichen Wald unterstützt." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:51 +msgid "" +"The AD provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" +"Der AD-Anbieter akzeptiert dieselben Optionen, die vom Identitätsanbieter " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> und dem Authentifizierungsanbieter <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> benutzt werden, mit einigen unten beschriebenen Ausnahmen." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:63 +#, fuzzy +#| msgid "" +#| "However, it is neither necessary nor recommended to set these options. " +#| "The AD provider can also be used as an access, chpass and sudo provider. " +#| "No configuration of the access provider is required on the client side." +msgid "" +"However, it is neither necessary nor recommended to set these options. The " +"AD provider can also be used as an access, chpass, sudo and autofs provider. " +"No configuration of the access provider is required on the client side." +msgstr "" +"Allerdings ist es weder notwendig noch empfehlenswert, diese Optionen zu " +"setzen. Der AD-Anbieter kann auch als Anbieter für »access«, »chpass« und " +"»sudo« verwendet werden. Auf der Client-Seite ist keine Konfiguration des " +"Zugriffs-Anbieters erforderlich." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:75 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" +"ldap_id_mapping = False\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " +"and groups using POSIX attributes from trusted domains, the AD administrator " +"must make sure that the POSIX attributes are replicated to the Global " +"Catalog." +msgstr "" +"Standardmäßig bildet der Active-Directory-Anbieter die Werte für Benutzer- " +"und Gruppen-ID des objectSID-Parameters in Active Directory ab. Details " +"hierzu finden Sie im nachfolgenden Abschnitt <quote>ID-ABBILDUNG</quote>. " +"Falls Sie die ID-Abbildung deaktivieren und stattdessen die in Active " +"Directory definierten POSIX-Attribute verwenden wollen, sollten Sie " +"<placeholder type=\"programlisting\" id=\"0\"/> setzen. Um Benutzer und " +"Gruppen von vertrauenswürdigen Domains mittels POSIX-Attributen abfragen zu " +"können, muss der AD-Administrator sicherstellen, dass die POSIX-Attribute im " +"Globalen Katalog repliziert werden." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:82 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" +"Für Benutzer, Gruppen und weitere von SSSD bereitgestellt Einträge wird die " +"Groß- oder Kleinschreibung nicht beachtet, um die Kompatibilität zur LDAP-" +"Implementation in Active Directory zu gewährleisten." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:97 +msgid "ad_domain (string)" +msgstr "ad_domain (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:100 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" +"gibt den Namen der Active-Directory-Domain an. Dieser ist optional. Ist er " +"nicht angegeben, wird der Name der konfigurierten Domain benutzt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:105 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" +"Damit dies ordentlich funktioniert, sollte diese Option in der " +"kleingeschriebenen Variante der langen Version der Active-Directory-Domain " +"angegeben werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:110 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" +"Der kurze Domain-Name (auch als NetBIOS- oder flacher Name bekannt) wird von " +"SSSD automatisch ermittelt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:117 +msgid "ad_server, ad_backup_server (string)" +msgstr "ad_server, ad_backup_server (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:120 +#, fuzzy +#| msgid "" +#| "The comma-separated list of hostnames of the AD servers to which SSSD " +#| "should connect in order of preference. For more information on failover " +#| "and server redundancy, see the <quote>FAILOVER</quote> section. This is " +#| "optional if autodiscovery is enabled. For more information on service " +#| "discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" +"Die durch Kommata getrennte Liste von Rechnernamen der AD-Server in der " +"Reihenfolge, in der sich SSSD mit ihnen verbinden soll. Weitere " +"Informationen über Ausfallsicherung und Redundanz finden Sie im Abschnitt " +"»AUSFALLSICHERUNG«. Falls automatisches Auffinden aktiviert ist, ist dies " +"optional. Weitere Informationen finden Sie im Abschnitt »DIENSTSUCHE«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:127 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:132 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:140 +msgid "ad_hostname (string)" +msgstr "ad_hostname (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:143 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the Active Directory domain to identify this " +"host." +msgstr "" +"optional, kann auf Maschinen, bei denen »hostname(5)« nicht den voll " +"qualifizierten Namen in der Active-Directory-Domain widerspiegelt, benutzt " +"werden, um sie zu identifizieren." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:149 +msgid "" +"This field is used to determine the host principal in use in the keytab. It " +"must match the hostname for which the keytab was issued." +msgstr "" +"Dieses Feld wird benutzt, um den in der Keytab benutzten Host Principal zu " +"bestimmen. Er muss dem Rechnernamen entsprechen, für die die Keytab " +"ausgegeben wurde." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:157 +msgid "ad_enable_dns_sites (boolean)" +msgstr "ad_enable_dns_sites (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:164 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" +"Ist dies »true« und die Dienstsuche aktiviert (siehe den Abschnitt " +"Dienstsuche am Ende der Handbuchseite), dann wird SSSD zuerst versuchen, " +"sich mit dem Active-Directory-Server zu verbinden, um die Active Directory " +"Site Discovery zu benutzen und dann auf die DNS-SRV-Datensätze " +"zurückgreifen, falls keine AD-Site gefunden wurde. Die DNS-SRV-Konfiguration " +"wird ebenfalls einschließlich der Domain zur Aufdeckung bei der Site-" +"Aufdeckung verwendet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:180 +msgid "ad_access_filter (string)" +msgstr "ad_access_filter (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" +"Diese Option gibt Zugriffskontrollfilter für LDAP an, die auf den Benutzer " +"passen müssen, damit ihm Zugriff gewährt werden kann. Bitte beachten Sie, " +"dass die Option <quote>access_provider</quote> explizit auf <quote>ad</" +"quote> gesetzt werden muss, damit sie wirksam ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:191 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" +"Diese Option unterstützt auch die Angabe verschiedener Filter pro Domain " +"oder Wald. Dieser erweiterte Filter würde bestehen aus: <quote>SCHLÜSSELWORT:" +"NAME:FILTER</quote>. Das Schlüsselwort kann entweder <quote>DOM</quote> oder " +"<quote>FOREST</quote> sein oder auch weggelassen werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:199 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" +"Falls das Schlüsselwort <quote>DOM</quote> ist oder fehlt, dann gibt der " +"<quote>NAME</quote> die Domain oder Subdomain an, auf die der Filter " +"angewendet werden soll. Ist das Schlüsselwort <quote>FOREST</quote>, dann " +"gilt der Filter für alle angegebenen Domains aus dem Wald, der in " +"<quote>NAME</quote> angegeben ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:207 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" +"Mehrere Filter können durch Fragezeichen <quote>?</quote> getrennt werden, " +"so wie es auch in Suchmaschinen üblich ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:212 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" +"Es wird stets der spezifischste Treffer verwendet. Wenn zum Beispiel in der " +"den Filter angebenden Option der Benutzer ein Mitglied ist und es sich um " +"einen globalen Filter handelt, wird der pro-Domain-Filter angewendet. Gibt " +"es mehrere Treffer, die der angeforderten Spezifikation entsprechen, wird " +"der erste verwendet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:223 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:233 sssd-ad.5.xml:247 +msgid "Default: Not set" +msgstr "Voreinstellung: Nicht gesetzt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:239 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:253 +msgid "ad_enable_gc (boolean)" +msgstr "ad_enable_gc (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:256 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" +"Standardmäßig verbindet sich SSSD zuerst mit dem Globalen Katalog, um " +"Benutzer von vertrauenswürdigen Domains abfragen zu können. Der LDAP-Port " +"wird zum Ermitteln von Gruppenmitgliedschaften oder als Ausweichmöglichkeit " +"verwendet. Wenn Sie diese Option deaktivieren, verbindet sich SSSD nur mit " +"dem LDAP-Port des aktuellen Servers." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:264 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" +"Bitte beachten Sie, dass die Deaktivierung der Unterstützung für den " +"Globalen Katalog die Abfrage von Benutzern von vertrauenswürdigen Domains " +"nicht deaktiviert. SSSD würde sich stattdessen mit dem LDAP-Port der " +"vertrauenswürdigen Domains verbinden. Jedoch muss der Globale Katalog " +"verwendet werden, um domainübergreifende Gruppenmitgliedschaften auflösen zu " +"können." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:278 +msgid "ad_gpo_access_control (string)" +msgstr "ad_gpo_access_control (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:281 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" +"Diese Option legt den Operationsmodus für GPO-basierte Zugriffskontrolle " +"fest. Verfügbar sind die Modi »disabled«, »enforcing« und »permissive«. " +"Bitte beachten Sie, dass die Option <quote>access_provider</quote> explizit " +"auf <quote>ad</quote> gesetzt werden muss, damit sie wirksam ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to a particular host." +msgstr "" +"Die GPO-basierte Zugriffskontrolle verwendet gesetzte GPO-Regeln, um zu " +"ermitteln, ob sich ein bestimmter Benutzer an einem bestimmten Rechner " +"anmelden darf." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:296 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing." +msgstr "" +"ACHTUNG: Wird der Operationsmodus auf »enforcing« gesetzt, dann ist es " +"möglich, dass Benutzern, denen früher bereits einmal Zugriff gewährt wurde, " +"ihnen dieser nun verweigert wird (sofern dies von den GPO-Regeln " +"vorgeschrieben wird). Um Administratoren einen weichen Übergang zu " +"ermöglichen, ist der Modus »permissive« verfügbar, der die Umsetzung der " +"Zugriffskontrollregeln nicht erzwingt. Diese werden lediglich ausgewertet " +"und eine Meldung geht an das Systemprotokoll, falls tatsächlich der Zugriff " +"verweigert werden würde. Nach dem Untersuchen der Protokolle können " +"Administratoren nun die nötigen Änderungen vornehmen, bevor der Modus auf " +"»enforcing« gesetzt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:309 +msgid "There are three supported values for this option:" +msgstr "Für diese Option werden drei Werte unterstützt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:313 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" +"disabled: GPO-basierte Zugriffskontrollregeln werden weder ausgewertet noch " +"deren Anwendung erzwungen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:319 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" +"enforcing: GPO-basierte Zugriffskontrollregeln werden sowohl ausgewertet als " +"auch deren Anwendung erzwungen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:325 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" +"permissive: GPO-basierte Zugriffskontrollregeln werden zwar ausgewertet, " +"aber deren Anwendung nicht erzwungen. Stattdessen wird eine Meldung an das " +"Systemprotokoll ausgelöst, mit dem Inhalt, dass dem Benutzer der Zugriff " +"verweigert werden würde, wenn die Option auf »enforcing« gesetzt wäre." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "Default: permissive" +msgstr "Voreinstellung: permissive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:339 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:345 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:348 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:361 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:364 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:370 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:384 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:388 sssd-ad.5.xml:479 sssd-ad.5.xml:525 sssd-ad.5.xml:570 +#: sssd-ad.5.xml:636 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:392 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:397 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:402 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:407 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:412 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:417 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:422 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:427 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:432 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:437 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:442 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:451 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:460 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:475 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:466 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:483 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:488 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:497 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:500 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:506 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:521 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:512 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:529 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:534 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:543 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:546 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:552 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:566 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:557 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:574 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:583 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:586 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:605 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:597 sssd-ad.5.xml:667 +msgid "" +"It is possible to add a PAM service name to the default set by using <quote>" +"+service_name</quote>. Since the default set is empty, it is not possible " +"to remove a PAM service name from the default set. For example, in order to " +"add a custom pam service name (e.g. <quote>my_pam_service</quote>), you " +"would use the following configuration: <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:615 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:618 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:632 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:623 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:640 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:645 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:650 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:659 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:662 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:675 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:685 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:688 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:701 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:705 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:710 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:715 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:720 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:725 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:730 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:735 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:741 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:747 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:750 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:756 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 30 days" +msgstr "Voreinstellung: 300" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:762 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:765 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expect 2 integers seperated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the inital timeout in seconds before the task is run for the first " +"time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +#, fuzzy +#| msgid "Default: 86400 (24 hours)" +msgid "Default: 86400:750 (24h and 15m)" +msgstr "Voreinstellung: 86400 (24 Stunden)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:783 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" +"Optional. Diese Option teilt SSSD mit, dass es den Active-Directory-DNS-" +"Server mit der IP-Adresse dieses Clients aktualisieren soll. Die " +"Aktualisierung wird mittels GSS-TSIG abgesichert. Infolgedessen muss der " +"Active-Directory-Verwalter nur sichere Aktualisierungen für die DNS-Zone " +"erlauben. Die IP-Adresse der AD-LDAP-Verbindung wird für die " +"Aktualisierungen verwendet, falls sie nicht anderweitig mittels der Option " +"»dyndns_iface« angegeben wurde." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:813 +msgid "Default: 3600 (seconds)" +msgstr "Voreinstellung: 3600 (Sekunden)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:829 +#, fuzzy +#| msgid "Default: Use the IP address of the AD LDAP connection" +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "Voreinstellung: verwendet die IP-Adresse der AD-LDAP-Verbindung" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:863 sss_rpcidmapd.5.xml:76 +msgid "Default: True" +msgstr "Voreinstellung: True" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:909 sssd-krb5.5.xml:505 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "krb5_use_enterprise_principal (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:912 sssd-krb5.5.xml:508 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" +"gibt an, ob der User Principal als Enterprise Principal betrachtet werden " +"soll. Weitere Informationen über Enterprise Principals finden Sie in " +"Abschnitt 5 von RFC 6806." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:957 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" +"Das folgende Beispiel geht davon aus, dass SSSD korrekt konfiguriert ist und " +"example.com auf eine der Domains im Abschnitt <replaceable>[sssd]</" +"replaceable> gesetzt ist. Dieses Beispiel zeigt nur die anbieterspezifischen " +"Optionen von AD." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:964 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:984 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:980 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Der AD-Zugriffssteuerungsanbieter prüft, ob das Konto erloschen ist. Es hat " +"dieselben Auswirkungen wie die folgende Konfiguration des LDAP-Anbieters: " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:990 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:998 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "sssd-sudo" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "Sudo mit dem SSSD-Backend konfigurieren" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" +"Diese Handbuchseite beschreibt, wie <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> konfiguriert wird, " +"damit es zusammen mit <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> funktioniert und wie SSSD Sudo-" +"Regeln zwischenspeichert." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "Sudo so konfigurieren, dass es mit SSSD zusammenarbeitet" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" +"Um SSSD als eine Quelle von Sudo-Regeln zu aktivieren, fügen Sie dem Eintrag " +"<emphasis>sudoers</emphasis> in <citerefentry> <refentrytitle>nsswitch.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> <emphasis>sss</" +"emphasis> hinzu." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" +"Um zum Beispiel Sudo so zu konfigurieren, dass es zuerst die Regeln in der " +"Standarddatei <citerefentry> <refentrytitle>sudoers</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> nachschlägt (diese sollten Regeln " +"umfassen, die für lokale Benutzer gelten) und dann die in SSSD, sollte die " +"Datei »nsswitch.conf« die folgende Zeile enthalten:" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "sudoers: files sss\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" +"Weitere Informationen über die Konfiguration der Suchreihenfolge der " +"»sudoers« aus der Datei »nsswitch.conf« sowie das LDAP-Schema, das zum " +"Speichern von Sudo-Regeln im Verzeichnis benutzt wird, können Sie unter " +"<citerefentry> <refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> finden." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" +"<emphasis>Hinweis</emphasis>: Um Netzgruppen oder IPA-Hostgruppen in sudo-" +"Regeln verwenden zu können, muss <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> korrekt auf den entsprechenden NIS-Domainnamen gesetzt werden. " +"Dieser entspricht dem IPA-Domainnamen, wenn Hostgruppen verwendet werden." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "SSSD zum Abrufen von Sudo-Regeln konfigurieren" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" +"Alle auf der SSSD-Seite erforderliche Konfiguration ist die Erweiterung der " +"Liste der <emphasis>Dienste</emphasis> mit \"sudo\" im Abschnitt [sssd] der " +"Handbuchseite zu <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. Um LDAP-Suchvorgänge zu " +"beschleunigen, können Sie auch die Suchbasis für sudo-Regeln mit der Option " +"<emphasis>ldap_sudo_search_base</emphasis> festlegen." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" +"Das folgende Beispiel zeigt, wie SSSD konfiguriert wird, damit es die Sudo-" +"Regeln von einem LDAP-Server herunterlädt." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:112 +msgid "" +"When the SSSD is configured to use IPA as the ID provider, the sudo provider " +"is automatically enabled. The sudo search base is configured to use the " +"compat tree (ou=sudoers,$DC)." +msgstr "" +"Wenn SSSD so konfiguriert ist, dass IPA als ID-Provider verwendet wird, dann " +"ist der Sudo-Provider automatisch aktiviert. Die Sudo-Suchmaschine wird so " +"konfiguriert, dass der compat-Baum verwendet wird (ou=sudoers,$DC)." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:119 +msgid "The SUDO rule caching mechanism" +msgstr "Der Zwischenspeichermechanismus für Sudo-Regeln" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:121 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" +"Die größte Herausforderung bei der Entwicklung von Sudo-Unterstützung in " +"SSSD war es, sicherzustellen, dass beim Ausführen von Sudo mit SSSD die " +"Datenquelle dieselbe Benutzererfahrung bereitstellt und so schnell wie Sudo " +"ist, aber weiterhin so viele aktuelle Regelsätze wie möglich bereitstellt. " +"Um diesen Anforderungen zu genügen, verwendet SSSD drei Arten von " +"Aktualisierungen. Sie werden als vollständiges Aktualisieren, kluges " +"Aktualisieren und Regelaktualisierung bezeichnet." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:129 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" +"Das <emphasis>kluge Aktualisieren</emphasis> lädt periodisch Regeln " +"herunter, die neu sind oder seit der letzten Aktualisierung geändert wurden. " +"Das Hauptziel hierbei ist es, die Datenbank anwachsen zu lassen, indem nur " +"kleine Erweiterungen abgerufen werden, die keinen großen Netzwerkverkehr " +"erzeugen." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:135 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" +"Das <emphasis>vollständige Aktualisieren</emphasis> löscht einfach alle im " +"Zwischenspeicher abgelegten Regeln und ersetzt sie durch die auf dem Server " +"gespeicherten Regeln. Dies wird benutzt, um den Zwischenspeicher dadurch " +"konsistent zu halten, dass jede von Server gelöschte Regel entfernt wird. " +"Ein vollständiges Aktualisieren kann jedoch eine hohe Last erzeugen und " +"sollte daher nur gelegentlich abhängig von der Größe und Stabilität der Sudo-" +"Regeln ausgeführt werden." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:143 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" +"Die <emphasis>Regelaktualisierung</emphasis> stellt sicher, dass dem " +"Benutzer nicht mehr Rechte als definiert gewährt werden. Es wird jedesmal " +"ausgelöst, wenn der Benutzer Sudo ausführt. Regelaktualisierung wird alle " +"Regeln suchen, die für diesen Benutzer gelten, ihren Ablaufzeitpunkt prüfen " +"und sie erneut herunterladen, falls sie erloschen sind. Im Fall, dass " +"irgendwelche der Regeln auf dem Server fehlen, wird SSSD außer der Reihe ein " +"vollständiges Aktualisieren durchführen, da möglicherweise weitere Regeln " +"(die für andere Benutzer gelten) gelöscht wurden." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" +"SSSD wird, falls aktiviert, nur Regeln speichern, die auf diese Maschine " +"angewandt werden können. Das bedeutet, Regeln, die einen der folgenden Werte " +"im Attribut <emphasis>sudoHost</emphasis> enthalten:" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:159 +msgid "keyword ALL" +msgstr "Schlüsselwort ALL" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:164 +msgid "wildcard" +msgstr "Platzhalter" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:169 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "Netzgruppe (in der Form »+Netzgruppe«)" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:174 +msgid "hostname or fully qualified domain name of this machine" +msgstr "Rechnername oder voll qualifizierter Domain-Namen dieser Maschine" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:179 +msgid "one of the IP addresses of this machine" +msgstr "eine der IP-Adressen dieser Maschine" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:184 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "eine der IP-Adressen des Netzwerks (in der Form »Adresse/Maske«)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:190 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Es gibt viele Konfigurationsoptionen, die benutzt werden können, um das " +"Verhalten anzupassen. Bitte lesen Sie »ldap_sudo_*« in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> und \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "sssd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "System Security Services Daemon (Systemsicherheitsdienst-Daemon)" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sssd</command> <arg choice='opt'> <replaceable>Optionen</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" +"<command>SSSD</command> stellt einen Satz Daemons bereit, um den Zugriff auf " +"ferne Verzeichnisse und Authentifizierungsmechanismen zu verwalten. Es " +"bietet eine NSS- und PAM-Schnittstelle zum System und ein erweiterbares " +"Backend-System zum Verbinden mit mehreren unterschiedlichen Kontenquellen " +"sowie der D-Bus-Schnittstelle. Es bildet außerdem die Grundlage für das " +"Bereitstellen von Client-Überprüfungen und Richtliniendiensten für Projekte " +"wie FreeIPA. Es stellt eine robustere Datenbank bereit, um lokale Benutzer " +"sowie erweiterte Benutzerdaten zu speichern." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>STUFE</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-timestamps=</option><replaceable>Modus</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" +"<emphasis>1</emphasis>: Den Debug-Nachrichten wird ein Zeitstempel " +"hinzugefügt." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" +"<emphasis>0</emphasis>: Zeitstempel in Debug-Nachrichten werden deaktiviert." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-microseconds=</option><replaceable>Modus</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" +"<emphasis>1</emphasis>: Dem Zeitstempel in Debug-Nachrichten werden " +"Millisekunden hinzugefügt." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" +"<emphasis>0</emphasis>: Millisekunden werden in Zeitstempeln deaktiviert" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>-f</option>,<option>--debug-to-files</option>" +msgstr "<option>-f</option>,<option>--debug-to-files</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "" +"Send the debug output to files instead of stderr. By default, the log files " +"are stored in <filename>/var/log/sssd</filename> and there are separate log " +"files for every SSSD service and domain." +msgstr "" +"sendet die Ausgabe der Fehlersuche in Dateien statt auf die " +"Standardfehlerausgabe. Standardmäßig werden die Protokolldateien in " +"<filename>/var/log/sssd</filename> gespeichert. Dort gibt es separate " +"Protokolldateien für jeden SSSD-Dienst und jede Domain." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:97 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "<option>-D</option>,<option>--daemon</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:101 +msgid "Become a daemon after starting up." +msgstr "wird nach dem Start ein Daemon." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:107 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "<option>-i</option>,<option>--interactive</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:111 +msgid "Run in the foreground, don't become a daemon." +msgstr "läuft im Vordergrund und wird kein Daemon." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:117 sss_debuglevel.8.xml:42 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "<option>-c</option>,<option>--config</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:121 sss_debuglevel.8.xml:46 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"gibt eine Konfigurationsdatei an, die nicht Standard ist. Die Voreinstellung " +"ist <filename>/etc/sssd/sssd.conf</filename>. Auskunft über die Syntax und " +"Optionen der Konfigurationsdatei finden Sie in der Handbuchseite " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "<option>--version</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "gibt die Versionsnummer aus und beendet sich." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:147 +msgid "Signals" +msgstr "Signale" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "SIGTERM/SIGINT" +msgstr "SIGTERM/SIGINT" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:153 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" +"Informiert SSSD, dass es anstandslos alle Kindprozesse beenden und dann das " +"Überwachungsprogramm herunterfahren soll." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:159 +msgid "SIGHUP" +msgstr "SIGHUP" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:162 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" +"teilt SSSD mit, dass es das Schreiben des aktuellen Dateideskriptors zur " +"Fehlersuche stoppen, ihn schließen und erneut öffnen soll. Dies ist dazu " +"gedacht, das Rotieren von Protokolldateien mit Programmen wie Logrotate zu " +"erleichtern." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:170 +msgid "SIGUSR1" +msgstr "SIGUSR1" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:173 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:182 +msgid "SIGUSR2" +msgstr "SIGUSR2" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:185 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:197 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in memory cache." +msgstr "" +"Falls die Umgebungsvariable SSS_NSS_USE_MEMCACHE auf »NO« gesetzt ist, " +"nutzen Client-Anwendungen den schnellen speicherinternen Zwischenspeicher " +"nicht." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "sss_obfuscate" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "verschleiert ein Klartextpasswort" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>Optionen</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORT]</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" +"<command>sss_obfuscate</command> wandelt ein angegebenes Passwort in ein von " +"Menschen nicht lesbares Format um und legt es in einem geeigneten Domain-" +"Abschnitt der SSSD-Konfigurationsdatei ab." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" +"Das Klartextpasswort wird von der Standardeingabe gelesen oder interaktiv " +"eingegeben. Das verschleierte Passwort wird in den Parameter " +"»ldap_default_authtok« einer angegebenen SSSD-Domain abgelegt und der " +"Parameter »ldap_default_authtok_type« wird auf »obfuscated_password« " +"gesetzt. Weitere Einzelheiten über diese Parameter finden Sie unter " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" +"Bitte beachten Sie, dass das Verschleiern von Passwörtern <emphasis>keinen " +"wirklichen Sicherheitsgewinn</emphasis> bietet, da es einem Angreifer immer " +"noch möglich ist, das Passwort wieder herzuleiten. Es wird " +"<emphasis>dringend</emphasis> geraten, bessere Authentifizierungsmechanismen " +"wie Client-seitige Zertifikate oder GSSAPI zu verwenden." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "<option>-s</option>,<option>--stdin</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "" +"Das Passwort, das verschleiert werden soll, wird von der Standardeingabe " +"gelesen." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" +"die SSSD-Domain, in der das Passwort benutzt wird. Der Standardname ist " +"»default«." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" +"<option>-f</option>,<option>--file</option> <replaceable>DATEI</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "liest die durch den Positionsparameter angegebene Konfigurationsdatei." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "Voreinstellung: <filename>/etc/sssd/sssd.conf</filename>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +#, fuzzy +#| msgid "sss_userdel" +msgid "sss_override" +msgstr "sss_userdel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +#, fuzzy +#| msgid "" +#| "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +#| "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#| "arg>" +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>Optionen</" +"replaceable> </arg> <arg choice='plain'><replaceable>ANMELDUNG</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:50 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:52 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:59 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:70 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:78 +#, fuzzy +#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "<option>--delattr</option> <replaceable>ATTR_NAME_WERT</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:83 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:92 +#, fuzzy +#| msgid "" +#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +#| "replaceable>" +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:97 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:105 +#, fuzzy +#| msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "<option>--setattr</option> <replaceable>ATTR_NAME_WERT</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:110 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:116 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:121 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:126 +msgid "original_name:name:uid:gid:gecos:home:shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:138 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:141 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:147 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:152 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:160 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:167 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:175 +#, fuzzy +#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "<option>--delattr</option> <replaceable>ATTR_NAME_WERT</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:180 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:189 +#, fuzzy +#| msgid "" +#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +#| "replaceable>" +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:194 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:202 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:207 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:213 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:218 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:223 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:235 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:238 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:244 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:249 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:259 +#, fuzzy +#| msgid "SUDO OPTIONS" +msgid "COMMON OPTIONS" +msgstr "SUDO-OPTIONEN" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:261 +#, fuzzy +#| msgid "This option is not available in IPA provider." +msgid "Those options are available with all commands." +msgstr "Diese Option ist für IPA-Anbieter nicht verfügbar." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:266 +#, fuzzy +#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "<option>--delattr</option> <replaceable>ATTR_NAME_WERT</replaceable>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_useradd.8.xml:10 sss_useradd.8.xml:15 +msgid "sss_useradd" +msgstr "sss_useradd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_useradd.8.xml:16 +msgid "create a new user" +msgstr "erstellt einen neuen Benutzer" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_useradd.8.xml:21 +msgid "" +"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" +"<command>sss_useradd</command> <arg choice='opt'> <replaceable>Optionen</" +"replaceable> </arg> <arg choice='plain'><replaceable>ANMELDUNG</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_useradd.8.xml:32 +msgid "" +"<command>sss_useradd</command> creates a new user account using the values " +"specified on the command line plus the default values from the system." +msgstr "" +"<command>sss_useradd</command> erstellt mittels der auf der Befehlszeile " +"angegebenen Werte sowie der Standardwerte des Systems ein neues " +"Benutzerkonto." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:43 sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:48 +msgid "" +"Set the UID of the user to the value of <replaceable>UID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" +"setzt die UID des Benutzers auf den Wert von <replaceable>UID</replaceable>. " +"Wurde der Wert nicht angegeben, wird er automatisch ausgewählt." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" +"<option>-c</option>,<option>--gecos</option> <replaceable>KOMMENTAR</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" +"irgendeine Zeichenkette, die den Benutzer beschreibt. Dieses Feld wird oft " +"für den vollständigen Namen des Benutzers verwendet." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_VERZ</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:72 +msgid "" +"The home directory of the user account. The default is to append the " +"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " +"that as the home directory. The base that is prepended before " +"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" +"baseDirectory</quote> setting in sssd.conf." +msgstr "" +"das Home-Verzeichnis des Benutzerkontos. Standardmäßig wird der Name für die " +"<replaceable>ANMELDUNG</replaceable> an <filename>/home</filename> angehängt " +"und dies dann als Home-Verzeichnis benutzt. Das Basisverzeichnis, das " +"<replaceable>ANMELDUNG</replaceable> vorangestellt wird, ist über die " +"Einstellung »user_defaults/baseDirectory« in der »sssd.conf« einstellbar." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:87 +msgid "" +"The user's login shell. The default is currently <filename>/bin/bash</" +"filename>. The default can be changed with <quote>user_defaults/" +"defaultShell</quote> setting in sssd.conf." +msgstr "" +"die Anmelde-Shell des Benutzers. Voreinstellung ist derzeit <filename>/bin/" +"bash</filename>. Die Voreinstellung kann über die Einstellung »user_defaults/" +"defaultShell« in der »sssd.conf« geändert werden." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:96 +msgid "" +"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" +"<option>-G</option>,<option>--groups</option> <replaceable>GRUPPEN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:101 +msgid "A list of existing groups this user is also a member of." +msgstr "eine Liste existierender Gruppen, denen dieser Benutzer auch angehört" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:107 +msgid "<option>-m</option>,<option>--create-home</option>" +msgstr "<option>-m</option>,<option>--create-home</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:111 +msgid "" +"Create the user's home directory if it does not exist. The files and " +"directories contained in the skeleton directory (which can be defined with " +"the -k option or in the config file) will be copied to the home directory." +msgstr "" +"erstellt das Home-Verzeichnis des Benutzers, falls es nicht existiert. Die " +"Dateien und Verzeichnisse, die in der Verzeichnisvorlage (die mit der Option " +"-k oder in der Konfigurationsdatei definiert werden kann) enthalten sind, " +"werden in das Home-Verzeichnis kopiert." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:121 +msgid "<option>-M</option>,<option>--no-create-home</option>" +msgstr "<option>-M</option>,<option>--no-create-home</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:125 +msgid "" +"Do not create the user's home directory. Overrides configuration settings." +msgstr "" +"erstellt nicht das Home-Verzeichnis des Benutzers und setzt " +"Konfigurationseinstellungen außer Kraft." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:132 +msgid "" +"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +"replaceable>" +msgstr "" +"<option>-k</option>,<option>--skel</option> <replaceable>SKEL-VERZ</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:137 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<command>sss_useradd</command>." +msgstr "" +"die Verzeichnisvorlage mit Dateien und Verzeichnissen, die in das durch " +"<command>sss_useradd</command> neu erstellte Home-Verzeichnis des Benutzers " +"kopiert werden." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:143 +msgid "" +"Special files (block devices, character devices, named pipes and unix " +"sockets) will not be copied." +msgstr "" +"Spezialdateien (block- und zeichenorientierte Geräte, benannte Pipes und " +"Unix-Sockets) werden nicht kopiert." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:147 +msgid "" +"This option is only valid if the <option>-m</option> (or <option>--create-" +"home</option>) option is specified, or creation of home directories is set " +"to TRUE in the configuration." +msgstr "" +"Diese Option ist nur gültig, falls die Option <option>-m</option> (oder " +"<option>--create-home</option>) angegeben wurde oder das Erstellen von Home-" +"Verzeichnissen in der Konfiguration auf »TRUE« gesetzt ist." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:156 sss_usermod.8.xml:124 +msgid "" +"<option>-Z</option>,<option>--selinux-user</option> " +"<replaceable>SELINUX_USER</replaceable>" +msgstr "" +"<option>-Z</option>,<option>--selinux-user</option> " +"<replaceable>SELINUX_BENUTZER</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:161 +msgid "" +"The SELinux user for the user's login. If not specified, the system default " +"will be used." +msgstr "" +"der SELinux-Benutzer für die Anmeldung des Benutzers. Ist er nicht " +"angegeben, wird die Voreinstellung des Systems benutzt." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "sssd-krb5" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "SSSD Kerberos-Anbieter" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" +"Diese Handbuchseite beschreibt die Konfiguration des Authentifizierungs-" +"Backends Kerberos 5 für <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. Eine ausführliche Syntax-Referenz " +"finden Sie im Abschnitt »DATEIFORMAT« der Handbuchseite <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" +"Das Authentifizierungs-Backend Kerberos 5 enthält Authentifizierungs- und " +"Chpass-Anbieter. Es muss mit einem Identitätsanbieter verbunden werden, " +"damit es sauber läuft (zum Beispiel »id_provider = ldap«). Einige vom " +"Kerberos-5-Authentifizierungs-Backend benötigten Informationen wie der " +"»Kerberos Principal Name« (UPN) des Benutzers müssen durch den " +"Identitätsanbieter bereitgestellt werden. Die Konfiguration des " +"Identitätsanbieters sollte einen Eintrag haben, der den UPN angibt. " +"Einzelheiten, wie dies konfiguriert wird, finden Sie in der Handbuchseite " +"des entsprechenden Identitätsanbieters." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>.k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" +"Dieses Backend stellt ebenso eine Zugriffssteuerung bereit, die auf der " +"Datei .k5login im Home-Verzeichnis des Benutzers basiert. Weitere " +"Einzelheiten finden Sie unter <citerefentry> <refentrytitle>.k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>. Bitte beachten Sie, " +"dass eine leere .k5login-Datei jegliche Zugriffe durch diesen Benutzer " +"verbietet. Verwenden Sie »access_provider = krb5« in Ihrer SSSD-" +"Konfiguration, um diese Funktionalität zu aktivieren." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" +"Im Fall, dass UPN nicht im Identitäts-Backend verfügbar ist, wird " +"<command>sssd</command> mittels des Formats <replaceable>Benutzername</" +"replaceable>@<replaceable>Krb5_Realm</replaceable> einen UPN konstruieren." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" +"gibt eine durch Kommata getrennte Liste von IP-Adressen oder Rechnernamen " +"der Kerberos-Server in der Reihenfolge an, in der sich SSSD mit ihnen " +"verbinden soll. Weitere Informationen über Ausfallsicherung und Redundanz " +"finden Sie im Abschnitt »AUSFALLSICHERUNG«. An die Adressen oder " +"Rechnernamen kann eine optionale Portnummer (der ein Doppelpunkt " +"vorangestellt ist) angehängt werden. Falls dies leer gelassen wurde, wird " +"die Dienstsuche aktiviert. Weitere Informationen finden Sie im Abschnitt " +"»DIENSTSUCHE«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" +"der Name des Kerberos-Realms. Diese Option wird benötigt und muss angegeben " +"werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "krb5_kpasswd, krb5_backup_kpasswd (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" +"Falls der Dienst zum Ändern von Passwörtern auf der " +"Schlüsselverwaltungszentrale (KDC) nicht läuft, können hier alternative " +"Server definiert werden. An die Adressen oder Rechnernamen kann eine " +"optionale Portnummer (der ein Doppelpunkt vorangestellt ist) angehängt " +"werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" +"Weitere Informationen über Ausfallsicherung und Redundanz finden Sie im " +"Abschnitt »AUSFALLSICHERUNG«. HINWEIS: Selbst wenn es keine weiteren " +"»kpasswd«-Server mehr auszuprobieren gibt, wird das Backend nicht offline " +"gehen, da eine Authentifizierung gegen die Schlüsselverwaltungszentrale " +"(KDC) immer noch möglich ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "Voreinstellung: KDC benutzen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "krb5_ccachedir (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" +"Das Verzeichnis zum Ablegen von Anmeldedaten-Zwischenspeichern. Alle " +"Ersetzungssequenzen von krb5_ccname_template können hier auch verwendet " +"werden, außer %d und %P. Das Verzeichnis wird als privat angelegt und ist " +"Eigentum des Benutzers. Die Zugriffsrechte werden auf 0700 gesetzt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "Voreinstellung: /tmp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "krb5_ccname_template (Zeichenkette)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "%u" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "Anmeldename" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "%U" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "Anmelde-UID" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "%p" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "Principal-Name" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "%r" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "Realm-Name" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 +msgid "%h" +msgstr "%h" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108 +msgid "home directory" +msgstr "Home-Verzeichnis" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "%d" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "Wert von krb5_ccachedir" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:27 +msgid "%P" +msgstr "%P" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "die Prozess-ID des SSSD-Clients" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:45 +msgid "%%" +msgstr "%%" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:46 +msgid "a literal '%'" +msgstr "ein buchstäbliches »%«" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" +"Der Ort für die Zwischenspeicherung der Anmeldedaten des Benutzers. Drei " +"Zwischenspeichertypen werden derzeit unterstützt: <quote>FILE</quote>, " +"<quote>DIR</quote> und <quote>KEYRING:persistent</quote>. Der " +"Zwischenspeicher kann entweder als <replaceable>TYP:REST</replaceable> oder " +"als absoluter Pfad angegeben werden, wobei Letzteres den Typ <quote>FILE</" +"quote> beinhaltet. In der Schablone werden die folgenden Sequenzen ersetzt: " +"<placeholder type=\"variablelist\" id=\"0\"/> Falls die Vorlage mit »XXXXXX« " +"endet, wird mkstemp(3) verwendet, um auf sichere Weise einen eindeutigen " +"Dateinamen zu erzeugen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" +"Wenn der KEYRING-Typ verwendet wird, ist <quote>KEYRING:persistent:%U</" +"quote> der einzige unterstützte Mechanismus. Hierfür wird der Schlüsselbund " +"des Linux-Kernels zum Speichern der Anmeldedaten getrennt nach Benutzer-IDs " +"verwendet. Dies wird auch empfohlen, da es die sicherste und " +"vorausberechenbarste Methode ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" +"Der Vorgabewert für den Anmeldedaten-Zwischenspeicher wird aus dem im " +"Abschnitt [libdefaults] der Datei krb5.conf enthaltenen Profil der " +"systemweiten Konfiguration bezogen. Der Name der Option ist " +"default_ccache_name. Im Abschnitt PARAMETER EXPANSION der Handbuchseite zu " +"krb5.conf(5) finden Sie zusätzliche Informationen zu dem in krb5.conf " +"definierten Format." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "Voreinstellung: (aus libkrb5)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_auth_timeout (integer)" +msgstr "krb5_auth_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" +"Zeitüberschreitung in Sekunden, nach der eine Online-Anfrage zur " +"Authentifizierung oder Passwortänderung gescheitert ist. Falls möglich, wird " +"die Authentifizierung offline fortgesetzt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:257 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" +"prüft mit Hilfe von »krb5_keytab«, ob das erhaltene TGT keine Täuschung ist. " +"Die Einträge der Keytab werden der Reihe nach kontrolliert und der erste " +"Eintrag mit einem passenden Realm wird für die Überprüfung benutzt. Falls " +"keine Einträge dem Realm entsprechen, wird der letzte Eintrag der Keytab " +"verwendet. Dieser Prozess kann zur Überprüfung von Umgebungen mittels Realm-" +"übergreifendem Vertrauen benutzt werden, indem der dazugehörige Keytab-" +"Eintrag als letzter oder einziger Eintrag in der Keytab-Datei abgelegt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:272 +msgid "krb5_keytab (string)" +msgstr "krb5_keytab (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:275 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" +"der Speicherort der Keytab, der bei der Überprüfung von Berechtigungen " +"benutzt wird, die von Schlüsselverwaltungszentralen (KDCs) stammen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:279 +msgid "Default: /etc/krb5.keytab" +msgstr "Voreinstellung: /etc/krb5.keytab" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:285 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "krb5_store_password_if_offline (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:288 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" +"speichert das Passwort des Benutzers, falls der Anbieter offline ist, und " +"benutzt es zur Abfrage des TGTs, wenn der Anbieter wieder online geht." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:293 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" +"HINWEIS: Diese Funktionalität ist nur auf Linux verfügbar. Passwörter, die " +"auf diese Weise gespeichert wurden, werden im Klartext im Schlüsselbund des " +"Kernels aufbewahrt. Darauf kann unter Umständen (mit Mühe) durch den " +"Benutzer Root zugegriffen werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:306 +msgid "krb5_renewable_lifetime (string)" +msgstr "krb5_renewable_lifetime (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:309 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" +"fordert ein erneuerbares Ticket mit einer Gesamtlebensdauer an. Es wird als " +"Ganzzahl, der direkt eine Zeiteinheit folgt, angegeben:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "<emphasis>s</emphasis> für Sekunden" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:351 sssd-krb5.5.xml:388 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "<emphasis>m</emphasis> für Minuten" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:320 sssd-krb5.5.xml:354 sssd-krb5.5.xml:391 +msgid "<emphasis>h</emphasis> for hours" +msgstr "<emphasis>h</emphasis> für Stunden" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:323 sssd-krb5.5.xml:357 sssd-krb5.5.xml:394 +msgid "<emphasis>d</emphasis> for days." +msgstr "<emphasis>d</emphasis> für Tage" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:326 sssd-krb5.5.xml:397 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" +"Falls keine Einheit angegeben ist, wird <emphasis>s</emphasis> angenommen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:330 sssd-krb5.5.xml:401 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" +"HINWEIS: Es ist nicht möglich, Einheiten zu mixen. Um die erneuerbare " +"Lebensdauer auf eineinhalb Stunden zu setzen, verwenden Sie »90m« statt " +"»1h30m«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:335 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "Voreinstellung: nicht gesetzt, d.h. das TGT ist nicht erneuerbar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:341 +msgid "krb5_lifetime (string)" +msgstr "krb5_lifetime (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:344 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" +"Anforderungsticket mit einer Lebensdauer, angegeben als Ganzzahl, der direkt " +"eine Zeiteinheit folgt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:360 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" +"Falls keine Einheit angegeben ist, wird <emphasis>s</emphasis> angenommen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:364 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" +"HINWEIS: Es ist nicht möglich, Einheiten zu mixen. Um die Lebensdauer auf " +"eineinhalb Stunden zu setzen, verwenden Sie »90m« statt »1h30m«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:369 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" +"Voreinstellung: nicht gesetzt, d.h. die Standardlebenszeit des Tickets auf " +"der Schlüsselverwaltungszentrale (KDC)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:376 +msgid "krb5_renew_interval (string)" +msgstr "krb5_renew_interval (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:379 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" +"die Zeit in Sekunden zwischen zwei Prüfungen, ob das TGT erneuert werden " +"soll. TGTs werden erneuert, wenn ungefähr die Hälfte ihrer Lebensdauer " +"überschritten ist. Sie wird als Ganzzahl, der unmittelbar eine Zeiteinheit " +"folgt, angegeben:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:406 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" +"Falls diese Option nicht oder auf 0 gesetzt ist, wird die automatische " +"Erneuerung deaktiviert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:424 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" +"<emphasis>never</emphasis>: FAST wird nie benutzt. Dies ist so, als ob diese " +"Einstellung gar nicht gemacht würde." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:428 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" +"<emphasis>try</emphasis>: Es wird versucht, FAST zu benutzen. Falls der " +"Server kein FAST unterstützt, fährt die Authentifizierung ohne fort." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:438 +msgid "Default: not set, i.e. FAST is not used." +msgstr "Voreinstellung: nicht gesetzt, d.h. FAST wird nicht benutzt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "NOTE: a keytab is required to use FAST." +msgstr "HINWEIS: Zur Benutzung von FAST ist eine Keytab erforderlich." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:453 +msgid "krb5_fast_principal (string)" +msgstr "krb5_fast_principal (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:456 +msgid "Specifies the server principal to use for FAST." +msgstr "gibt den Server-Principal zur Benutzung von FAST an." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:465 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" +"gibt an, ob der Rechner und User-Principal in die kanonische Form gebracht " +"werden sollen. Diese Funktionalität ist mit MIT-Kerberos 1.7 und neueren " +"Versionen verfügbar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:514 +msgid "Default: false (AD provider: true)" +msgstr "Voreinstellung: falsch (AD-Anbieter: wahr)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:520 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:523 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:535 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:540 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Falls das Authentifizierungsmodul Krb5 in einer SSSD-Domain benutzt wird, " +"müssen die folgenden Optionen verwendet werden. Einzelheiten über die " +"Konfiguration einer SSSD-Domain finden Sie im Abschnitt »DOMAIN-ABSCHNITTE« " +"der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:566 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" +"Das folgende Beispiel geht davon aus, dass SSSD korrekt konfiguriert wurde " +"und FOO eine der Domains im Abschnitt <replaceable>[sssd]</replaceable> ist. " +"Dieses Beispiel zeigt nur die Authentifizierung mit Kerberos, sie umfasst " +"keine Identitätsanbieter." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:574 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 +msgid "sss_groupadd" +msgstr "sss_groupadd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupadd.8.xml:16 +msgid "create a new group" +msgstr "erstellt eine neue Gruppe" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupadd.8.xml:21 +msgid "" +"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>Optionen</" +"replaceable> </arg> <arg choice='plain'><replaceable>GRUPPE</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupadd.8.xml:32 +msgid "" +"<command>sss_groupadd</command> creates a new group. These groups are " +"compatible with POSIX groups, with the additional feature that they can " +"contain other groups as members." +msgstr "" +"<command>sss_groupadd</command> erstellt eine neue Gruppe. Diese Gruppen " +"sind kompatibel mit POSIX-Gruppen mit der zusätzlichen Funktionalität, dass " +"sie andere Gruppen als Mitglieder enthalten können." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupadd.8.xml:43 sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupadd.8.xml:48 +msgid "" +"Set the GID of the group to the value of <replaceable>GID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" +"setzt die GID der Gruppe auf den Wert von <replaceable>GID</replaceable>. " +"Wurde der Wert nicht angegeben, wird er automatisch ausgewählt." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_userdel.8.xml:10 sss_userdel.8.xml:15 +msgid "sss_userdel" +msgstr "sss_userdel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_userdel.8.xml:16 +msgid "delete a user account" +msgstr "löscht ein Benutzerkonto" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_userdel.8.xml:21 +msgid "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>Optionen</" +"replaceable> </arg> <arg choice='plain'><replaceable>ANMELDUNG</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_userdel.8.xml:32 +msgid "" +"<command>sss_userdel</command> deletes a user identified by login name " +"<replaceable>LOGIN</replaceable> from the system." +msgstr "" +"<command>sss_userdel</command> löscht einen Benutzer, der durch den " +"Anmeldenamen <replaceable>ANMELDUNG</replaceable> vom System erkannt wird." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:44 +msgid "<option>-r</option>,<option>--remove</option>" +msgstr "<option>-r</option>,<option>--remove</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:48 +msgid "" +"Files in the user's home directory will be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" +"Dateien im Home-Verzeichnis des Benutzers werden zusammen mit dem Home-" +"Verzeichnis selbst und der Mail-Warteschlange des Benutzers entfernt. Dies " +"setzt die Konfiguration außer Kraft." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:56 +msgid "<option>-R</option>,<option>--no-remove</option>" +msgstr "<option>-R</option>,<option>--no-remove</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:60 +msgid "" +"Files in the user's home directory will NOT be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" +"Dateien im Home-Verzeichnis des Benutzers werden NICHT zusammen mit dem Home-" +"Verzeichnis selbst und der Mail-Warteschlange des Benutzers entfernt. Dies " +"setzt die Konfiguration außer Kraft." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:68 +msgid "<option>-f</option>,<option>--force</option>" +msgstr "<option>-f</option>,<option>--force</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:72 +msgid "" +"This option forces <command>sss_userdel</command> to remove the user's home " +"directory and mail spool, even if they are not owned by the specified user." +msgstr "" +"Diese Option erzwingt, dass <command>sss_userdel</command> das Home-" +"Verzeichnis des Benutzers und die Mail-Warteschlange sogar dann entfernt, " +"wenn sie dem angegebenen Nutzer nicht gehören." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:80 +msgid "<option>-k</option>,<option>--kick</option>" +msgstr "<option>-k</option>,<option>--kick</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:84 +msgid "Before actually deleting the user, terminate all his processes." +msgstr "" +"beendet, bevor der Benutzer tatsächlich gelöscht wird, alle seine Prozesse." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 +msgid "sss_groupdel" +msgstr "sss_groupdel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupdel.8.xml:16 +msgid "delete a group" +msgstr "löscht eine Gruppe" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupdel.8.xml:21 +msgid "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>Optionen</" +"replaceable> </arg> <arg choice='plain'><replaceable>GRUPPE</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupdel.8.xml:32 +msgid "" +"<command>sss_groupdel</command> deletes a group identified by its name " +"<replaceable>GROUP</replaceable> from the system." +msgstr "" +"<command>sss_groupdel</command> löscht eine Gruppe namens " +"<replaceable>GRUPPE</replaceable> vom System." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 +msgid "sss_groupshow" +msgstr "sss_groupshow" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupshow.8.xml:16 +msgid "print properties of a group" +msgstr "gibt die Eigenschaften einer Gruppe aus." + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupshow.8.xml:21 +msgid "" +"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>Optionen</" +"replaceable> </arg> <arg choice='plain'><replaceable>GRUPPE</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupshow.8.xml:32 +msgid "" +"<command>sss_groupshow</command> displays information about a group " +"identified by its name <replaceable>GROUP</replaceable>. The information " +"includes the group ID number, members of the group and the parent group." +msgstr "" +"<command>sss_groupshow</command> zeigt Informationen über eine Gruppe namens " +"<replaceable>GRUPPE</replaceable> an. Die Informationen umfassen die Gruppen-" +"ID-Nummer, Mitglieder der Gruppe, sowie die übergeordnete Gruppe." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupshow.8.xml:43 +msgid "<option>-R</option>,<option>--recursive</option>" +msgstr "<option>-R</option>,<option>--recursive</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupshow.8.xml:47 +msgid "" +"Also print indirect group members in a tree-like hierarchy. Note that this " +"also affects printing parent groups - without <option>R</option>, only the " +"direct parent will be printed." +msgstr "" +"gibtt auch indirekte Gruppenmitglieder in einer baumartigen Hierarchie aus. " +"Beachten Sie, dass dies auch die Ausgabe der übergeordneten Gruppen " +"beeinflusst – ohne <option>R</option> werden nur die unmittelbar " +"übergeordneten Gruppen ausgegeben." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_usermod.8.xml:10 sss_usermod.8.xml:15 +msgid "sss_usermod" +msgstr "sss_usermod" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_usermod.8.xml:16 +msgid "modify a user account" +msgstr "ändert ein Benutzerkonto" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_usermod.8.xml:21 +msgid "" +"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" +"<command>sss_usermod</command> <arg choice='opt'> <replaceable>Optionen</" +"replaceable> </arg> <arg choice='plain'><replaceable>ANMELDUNG</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_usermod.8.xml:32 +msgid "" +"<command>sss_usermod</command> modifies the account specified by " +"<replaceable>LOGIN</replaceable> to reflect the changes that are specified " +"on the command line." +msgstr "" +"<command>sss_usermod</command> ändert das durch <replaceable>ANMELDUNG</" +"replaceable> angegebene Konto, damit es die auf der Befehlszeile angegebenen " +"Änderungen widerzuspiegelt." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:60 +msgid "The home directory of the user account." +msgstr "das Home-Verzeichnis des Benutzerkontos" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:71 +msgid "The user's login shell." +msgstr "die Anmelde-Shell des Benutzers" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:82 +msgid "" +"Append this user to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" +"hängt diesen Benutzer an die Gruppen an, die durch den Parameter " +"<replaceable>GRUPPEN</replaceable> angegeben werden. Der Parameter " +"<replaceable>GRUPPEN</replaceable> ist eine durch Kommata getrennte Liste " +"von Gruppennamen." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:96 +msgid "" +"Remove this user from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" +"entfernt diesen Benutzer aus Gruppen, die durch den Parameter " +"<replaceable>GRUPPEN</replaceable> angegeben werden." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:103 +msgid "<option>-l</option>,<option>--lock</option>" +msgstr "<option>-l</option>,<option>--lock</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:107 +msgid "Lock the user account. The user won't be able to log in." +msgstr "" +"sperrt das Benutzerkonto. Der Benutzer wird sich nicht anmelden können." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:114 +msgid "<option>-u</option>,<option>--unlock</option>" +msgstr "<option>-u</option>,<option>--unlock</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:118 +msgid "Unlock the user account." +msgstr "entsperrt das Benutzerkonto." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:129 +msgid "The SELinux user for the user's login." +msgstr "der SELinux-Benutzer für die Anmeldung des Anwenders" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:135 +msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "<option>--addattr</option> <replaceable>ATTR_NAME_WERT</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:140 +msgid "Add an attribute/value pair. The format is attrname=value." +msgstr "Ein Attribut/Wert-Paar hinzufügen. Das Format ist Attributname=Wert." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:147 +msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "<option>--setattr</option> <replaceable>ATTR_NAME_WERT</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:152 +msgid "" +"Set an attribute to a name/value pair. The format is attrname=value. For " +"multi-valued attributes, the command replaces the values already present" +msgstr "" +"Ein Attribut auf ein Name/Wert-Paar setzen. Das Format ist " +"Attributname=Wert. Bei Attributen mit mehreren Werten ersetzt der Befehl die " +"bereits vorhandenen Werte." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:160 +msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "<option>--delattr</option> <replaceable>ATTR_NAME_WERT</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:165 +msgid "Delete an attribute/value pair. The format is attrname=value." +msgstr "Ein Attribut/Wert-Paar löschen. Das Format ist Attributname=Wert." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "sss_cache" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "führt eine Bereinigung des Zwischenspeichers durch." + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>Optionen</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online." +msgstr "" +"<command>sss_cache</command> annulliert Datensätze im SSSD-Zwischenspeicher. " +"Annullierte Datensätze werden zwangsweise neu vom Server geladen, sobald das " +"zugehörige SSSD-Backend online ist." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:42 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "<option>-E</option>,<option>--everything</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:46 +msgid "Invalidate all cached entries except for sudo rules." +msgstr "" +"annulliert alle zwischengespeicherten Einträge mit Ausnahme von Sudo-Regeln." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:52 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" +"<option>-u</option>,<option>--user</option> <replaceable>Anmeldung</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:57 +msgid "Invalidate specific user." +msgstr "annulliert einen bestimmten Benutzer." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:63 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "<option>-U</option>,<option>--users</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:67 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" +"annulliert alle Benutzerdatensätze. Diese Option setzt das Annullieren " +"bestimmter Benutzer außer Kraft, falls es ebenfalls gesetzt war." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:74 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" +"<option>-g</option>,<option>--group</option> <replaceable>Gruppe</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:79 +msgid "Invalidate specific group." +msgstr "annulliert eine bestimmte Gruppe." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:85 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "<option>-G</option>,<option>--groups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:89 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" +"annulliert alle Gruppendatensätze. Diese Option setzt das Annullieren " +"bestimmter Gruppen außer Kraft, falls es ebenfalls gesetzt war." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:96 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>Netzgruppe</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:101 +msgid "Invalidate specific netgroup." +msgstr "annulliert eine bestimmte Netzgruppe." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:107 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "<option>-N</option>,<option>--netgroups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:111 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" +"annulliert alle Netzgruppendatensätze. Diese Option setzt das Annullieren " +"bestimmter Netzgruppen außer Kraft, falls es ebenfalls gesetzt war." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:118 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" +"<option>-s</option>,<option>--service</option> <replaceable>Dienst</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:123 +msgid "Invalidate specific service." +msgstr "annulliert einen bestimmten Dienst." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:129 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "<option>-S</option>,<option>--services</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:133 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" +"annulliert alle Dienstdatensätze. Diese Option setzt das Annullieren " +"bestimmter Dienste außer Kraft, falls es ebenfalls gesetzt war." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:140 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>Autofs-" +"Abbildung</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:145 +msgid "Invalidate specific autofs maps." +msgstr "annulliert eine bestimmte Autofs-Abbildung." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:151 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "<option>-A</option>,<option>--autofs-maps</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:155 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" +"annulliert alle Autofs-Abbildungen. Diese Option setzt das Annullieren " +"bestimmter Abbildungen außer Kraft, falls es ebenfalls gesetzt war." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:162 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:167 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:173 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:177 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:185 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>Domain</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:190 +msgid "Restrict invalidation process only to a particular domain." +msgstr "begrenzt den Annullierungsprozess auf eine bestimmte Domain." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "sss_debuglevel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "change debug level while SSSD is running" +msgstr "ändert die Debug-Stufe, während SSSD ausgeführt wird." + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>Optionen</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEUE_DEBUG_STUFE</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> changes debug level of SSSD monitor and " +"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " +"running." +msgstr "" +"<command>sss_debuglevel</command> ändert die Debug-Stufe des SSSD-" +"Überwachungsmonitors und Anbieters auf <replaceable>NEUE_DEBUG_STUFE</" +"replaceable> während SSSD ausgeführt wird." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_debuglevel.8.xml:59 +msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" +msgstr "<replaceable>NEUE_DEBUG_STUFE</replaceable>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "sss_seed" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "füllt den SSSD-Zwischenspeicher mit einem Benutzer" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>Optionen</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>BENUTZER</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" +"<command>sss_seed</command> füllt den SSSD-Zwischenspeicher mit einem " +"Benutzereintrag und einem temporären Passwort. Falls bereits ein " +"Benutzereintrag im SSSD-Zwischenspeicher vorhanden ist, wird der Eintrag mit " +"dem temporären Passwort aktualisiert." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" +"stellt den Namen der Doamin bereit, in der der Benutzer Mitglied ist. Die " +"Domain wird auch zur Abfrage von Benutzerinformationen verwendet. Sie muss " +"in der »sssd.conf« konfiguriert sein. Die Option <replaceable>DOMAIN</" +"replaceable> muss bereitgestellt werden. Von der Domain geholte " +"Informationen setzen das, was in den Optionen bereitgestellt wurde, außer " +"Kraft." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--username</option> <replaceable>BENUTZER</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" +"der Benutzername des Eintrags, der im Zwischenspeicher erstellt oder " +"verändert werden soll. Die Option <replaceable>BENUTZER</replaceable> muss " +"bereitgestellt werden." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "setzt die UID des Benutzers auf <replaceable>UID</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "setzt die GID des Benutzers auf <replaceable>GID</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" +"setzt das Home-Verzeichnis des Benutzers auf <replaceable>HOME_VERZ</" +"replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" +"setzt die Anmelde-Shell des Benutzers auf <replaceable>SHELL</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" +"interaktiver Modus zur Eingabe von Benutzerinformationen. Diese Option wird " +"nur nach Informationen fragen, die nicht von den Optionen bereitgestellt " +"oder in der Domain geholt werden." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" +"<option>-p</option>,<option>--password-file</option> " +"<replaceable>PASSWORTDATEI</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" +"gibt die Datei an, aus der das Passwort des Benutzers gelesen wird (ist es " +"nicht angegeben, wird nach dem Passwort gefragt)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" +"Die Länge des Passworts (oder die Größe der mit der Option -p oder --" +"password-file angegebenen Datei) muss kleiner oder gleich PASS_MAX Byte sein " +"(64 Byte auf Systemen ohne global definiertem Wert für PASS_MAX)." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "sssd-ifp" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "SSSD InfoPipe-Responder" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Diese Handbuchseite beschreibt die Konfiguration des InfoPipe-Responders für " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Eine detaillierte Syntaxreferenz finden Sie im Abschnitt " +"<quote>DATEIFORMAT</quote> in der Handbuchseite zu <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" +"Der InfoPipe-Responder stellt eine öffentliche D-Bus-Schnittstelle bereit, " +"auf die über den Systembus zugegriffen werden kann. Die Schnittstelle " +"ermöglicht die Abfrage von Informationen zu entfernten Benutzern und Gruppen " +"über den Systembus." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:46 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" +"Diese Optionen können zur Konfiguration des InfoPipe-Responders verwendet " +"werden." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:53 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" +"Gibt eine durch Kommata getrennte Liste der Benutzer-ID-Werte oder " +"Benutzernamen an, denen der Zugriff auf den InfoPipe-Responder erlaubt ist. " +"Benutzernamen werden beim Start in Benutzer-IDs aufgelöst." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:59 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" +"Voreinstellung: 0 (nur der Benutzer »root« darf auf den InfoPipe-Responder " +"zugreifen)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:63 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" +"Beachten Sie, dass trotz der Verwendung der Benutzer-ID 0 als Voreinstellung " +"diese durch die Option überschrieben wird. Falls Sie wollen, dass dem Root-" +"Benutzer der Zugriff auf den InfoPipe-Responder gewährt werden soll, was der " +"typische Fall ist, müssen Sie 0 ebenfalls zur Liste der erlaubten Benutzer-" +"IDs hinzufügen." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:77 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" +"Gibt eine durch Kommata getrennte Liste der auf die weiße (erlaubt) " +"beziehungsweise schwarze Liste (blockiert) gesetzten Attribute an." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:91 +msgid "name" +msgstr "name" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:92 +msgid "user's login name" +msgstr "Anmeldename des Benutzers" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:95 +msgid "uidNumber" +msgstr "uidNumber" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:96 +msgid "user ID" +msgstr "Benutzer-ID" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:99 +msgid "gidNumber" +msgstr "gidNumber" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:100 +msgid "primary group ID" +msgstr "primäre Gruppen-ID" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:103 +msgid "gecos" +msgstr "gecos" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:104 +msgid "user information, typically full name" +msgstr "Benutzerinformation, typischerweise der vollständige Name" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "homeDirectory" +msgstr "homeDirectory" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "loginShell" +msgstr "loginShell" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user shell" +msgstr "Benutzershell" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:81 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"In der Voreinstellung erlaubt der InfoPipe-Responder nur die Abfrage des " +"Standardsatzes an POSIX-Attributen. Dieser Satz ist der gleiche, wie er von " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> zurückgegeben wird und enthält Folgendes: " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:125 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:117 +msgid "" +"It is possible to add another attribute to this set by using <quote>" +"+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Es ist möglich, ein weiteres Attribut zu diesem Satz hinzuzufügen, indem Sie " +"<quote>+attr_name</quote> verwenden. Explizit entfernen lässt sich ein " +"Attribut mit <quote>-attr_name</quote>. Um beispielsweise " +"<quote>telephoneNumber</quote> zu erlauben, aber <quote>loginShell</quote> " +"abzuweisen, können Sie folgende Konfiguration verwenden: <placeholder type=" +"\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:129 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" +"Voreinstellung: Nicht gesetzt. Nur der Standardsatz an POSIX-Attributen ist " +"erlaubt." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:139 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:144 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "SIEHE AUCH" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "sss_ssh_authorizedkeys" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "1" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "holt autorisierte OpenSSH-Schlüssel" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>Optionen</replaceable> </arg> <arg " +"choice='plain'><replaceable>BENUTZER</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" +"<command>sss_ssh_authorizedkeys</command> beschafft öffentliche SSH-" +"Schlüssel für den Anwender <replaceable>BENUTZER</replaceable> und gibt sie " +"im OpenSSH-Format »authorized_keys« aus (weitere Informationen finden Sie im " +"Abschnitt »AUTHORIZED_KEYS-DATEIFORMAT« von " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" +"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> options." +msgstr "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> kann so konfiguriert werden, dass es " +"<command>sss_ssh_authorizedkeys</command> zur Authentifizierung mit " +"öffentlichen Schlüsseln benutzt, falls es entweder mit Unterstützung für die " +"Optionen »AuthorizedKeysCommand« oder »PubkeyAgent« der <citerefentry> " +"<refentrytitle>sshd_config</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> kompiliert wurde." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:58 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:51 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:70 +#, no-wrap +msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" +msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:63 +msgid "" +"If <quote>PubkeyAgent</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by using the following directive " +"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" +"Falls »PubkeyAgent« unterstützt wird, kann " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> durch Setzen der folgenden Richtlinie in <citerefentry> " +"<refentrytitle>sshd_config</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> zu seiner Verwendung konfiguriert werden: <placeholder type=" +"\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:85 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" +"sucht nach öffentlichen Schlüsseln von Benutzern in der SSSD-Domain " +"<replaceable>DOMAIN</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92 +msgid "EXIT STATUS" +msgstr "EXIT-STATUS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" +"Im Erfolgsfall ist der Rückgabewert 0, andernfalls wird 1 zurückgegeben." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "sss_ssh_knownhostsproxy" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "holt OpenSSH-Rechnerschlüssel" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>Optionen</replaceable> </arg> <arg " +"choice='plain'><replaceable>RECHNER</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_BEFEHL</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and estabilishes connection to the host." +msgstr "" +"<command>sss_ssh_knownhostsproxy</command> beschafft öffentliche SSH-" +"Schlüssel für den Rechner <replaceable>RECHNER</replaceable> und speichert " +"sie in einer benutzerdefinierten OpenSSH-»known_hosts«-Datei (weitere " +"Informationen finden Sie im Abschnitt »SSH_KNOWN_HOSTS-DATEIFORMAT« von " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry>) <filename>/var/lib/sss/pubconf/known_hosts</filename> und " +"stellt eine Verbindung zum Rechner her." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" +"Falls ein <replaceable>PROXY_BEFEHL</replaceable> angegeben wurde, wird er " +"zum Erstellen der Verbindung mit dem Rechner benutzt, anstatt ein Socket zu " +"öffnen." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> kann durch Verwendung der folgenden Richtlinien für die " +"Konfiguration von <citerefentry><refentrytitle>ssh</refentrytitle> " +"<manvolnum>1</manvolnum></citerefentry> so eingerichtet werden, dass es " +"<command>sss_ssh_knownhostsproxy</command> zur Authentifizierung des " +"Rechnerschlüssels benutzt: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" +"benutzt Port <replaceable>PORT</replaceable> zur Verbindung mit dem Rechner. " +"Standardmäßig wird Port 22 verwendet." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" +"sucht in der SSSD-Domain nach <replaceable>DOMAIN</replaceable> öffentlichen " +"Schlüsseln für den Rechner." + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "DIENSTSUCHE" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" +"Die Dienstsuchfunktionalität ermöglicht es Backends, automatisch mit Hilfe " +"einer speziellen DNS-Abfrage geeignete Server zu suchen, mit denen sie sich " +"verbinden können. Diese Funktionalität wird nicht für Datensicherungs-Server " +"unterstützt." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "Konfiguration" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" +"Falls keine Server angegeben wurden, benutzt das Backend die Dienstsuche, um " +"einen Server zu finden. Wahlweise kann der Benutzer sowohl feste Server-" +"Adressen als auch die Dienstsuche durch Eingabe des speziellen " +"Schlüsselworts »_srv_« in der Server-Liste auswählen. Die bevorzugte " +"Reihenfolge wird verwaltet. Diese Funktionalität ist zum Beispiel nützlich, " +"falls der Anwender es vorzieht, die Dienstsuche zu verwenden, wann immer " +"dies möglich ist, und auf einen bestimmten Server zurückzugreifen, wenn " +"mittels DNS keine Server gefunden werden." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "Der Domain-Name" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" +"Weitere Einzelheiten finden Sie in der Handbuchseite <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> beim Parameter »dns_discovery_domain«." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "Das Protokoll" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" +"Die Abfragen geben als Protokoll üblicherweise »_tcp« an. Ausnahmen sind in " +"der Beschreibung der entsprechenden Option dokumentiert." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "Siehe auch" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" +"Weitere Informationen über den Dienstsuchmechanismus finden Sie in RFC 2782." + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "AUSFALLSICHERUNG" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" +"Die Ausfallsicherungsfunktionalität ermöglicht es, dass Backends automatisch " +"auf einen anderen Server wechseln, falls der aktuelle versagt." + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "AUSFALLSICHERUNGSSYNTAX" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" +"Die Server werden als durch Kommata getrennte Liste angegeben. Um das Komma " +"herum ist eine beliebige Anzahl von Leerzeichen erlaubt. Die Server werden " +"in Reihenfolge der Bevorzugung aufgeführt. Die Liste kann eine beliebige " +"Anzahl von Servern enthalten." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" +"Von jeder Konfigurationsoption mit aktivierter Ausfallsicherung existieren " +"zwei Varianten: <emphasis>primary</emphasis> und <emphasis>backup</" +"emphasis>. Die Idee dahinter ist, dass Server in der Liste »primary« " +"bevorzugt werden und nur nach »backup«-Servern gesucht wird, falls kein " +"»primary«-Server erreichbar ist. Falls ein »backup«-Server ausgewählt wird, " +"wird eine Dauer von 31 Sekunden bis zur Zeitüberschreitung festgelegt. Nach " +"dieser Zeit wird SSSD periodisch versuchen, sich mit einem der primären " +"Server zu verbinden. Ist dies erfolgreich, wird es den derzeit aktiven " +"(»backup«-)Server ersetzen." + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "Der Ausfallsicherungsmechanismus" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" +"Der Ausfallsicherungsmechanismus unterscheidet zwischen einer Maschine und " +"einem Dienst. Das Backend versucht zuerst, den Rechnernamen der angegebenen " +"Maschine aufzulösen. Falls dieser Versuch scheitert, wird davon ausgegangen, " +"dass die Maschine offline ist und sie auch für keinen anderen Dienst zur " +"Verfügung steht. Kann der den Namen erfolgreich aufgelöst werden, versucht " +"das Backend, sich mit einem Dienst auf dieser Maschine zu verbinden. Ist das " +"nicht möglich, dann wird nur dieser bestimmte Dienst als offline angesehen " +"und das Backend wechselt automatisch weiter zum nächsten. Die Maschine wird " +"weiterhin als online betrachtet und kann immer noch für andere Dienste " +"herangezogen werden." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" +"Weitere Verbindungsversuche zu Maschinen oder Diensten, die als offline " +"gekennzeichnet sind, werden erst nach einer angegebenen Zeitspanne " +"unternommen. Diese ist derzeit hart auf 30 Sekunden codiert." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" +"Falls es weitere Maschinen durchzuprobieren gibt, wechselt das Backend als " +"Ganzes in den Offline-Modus und versucht dann alle 30 Sekunden, sich erneut " +"zu verbinden." + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "ID-ABBILDUNG" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" +"Die ID-Abbildungsfunktionalität ermöglicht es SSSD, als Client eines Active " +"Directorys zu agieren, ohne dass Administratoren Benutzerattribute erweitern " +"müssen, damit POSIX-Attribute für Benutzer- und Gruppenkennzeichner " +"unterstützt werden." + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" +"HINWEIS: Wenn ID-Abbildung aktiviert ist, werden die Attribute »uidNumber« " +"und »gidNumber« ignoriert. Dies geschieht, um mögliche Konflikte zwischen " +"automatisch und manuell zugewiesenen Werten zu vermeiden. Falls Sie manuell " +"zugewiesene Werte benutzen müssen, müssen Sie ALLE Werte manuell zuweisen." + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" +"Bitte beachten Sie, dass die Änderung der die ID-Abbildung betreffenden " +"Konfigurationsoptionen auch die Änderung der Benutzer- und Gruppen-IDs nach " +"sich zieht. Momentan unterstützt SSSD die Änderung der IDs nicht, daher muss " +"die Datenbank entfernt werden. Da auch zwischengespeicherte Passwörter in " +"der Datenbank enthalten sind, sollte diese nur entfernt werden, während die " +"Authentifizierungsserver erreichbar sind, anderenfalls könnten Benutzer " +"ausgesperrt werden. Um das Passwort zwischenzuspeichern, muss eine " +"Authentifizierung ausgeführt werden. Es reicht nicht aus, <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> zum Löschen der Datenbank auszuführen, vielmehr sind folgende " +"Schritte erforderlich:" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "Stellen Sie sicher, dass entfernte Server erreichbar sind." + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "Stoppen Sie den SSSD-Dienst." + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "Entfernen Sie die Datenbank." + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "Starten Sie den SSSD-Dienst." + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" +"Außerdem ist es ratsam, vorauszuplanen und die ID-Abbildung gründlich zu " +"testen, da die Änderung der IDs Änderungen anderer Systemeigenschaften nach " +"sich ziehen könnte, wie die Besitzverhältnisse von Dateien und " +"Verzeichnissen." + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "Abbildungsalgorithmus" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" +"Active Directory stellt für jedes Benutzer- und Gruppenobjekt im Verzeichnis " +"eine »objectSID« bereit. Diese »objectSID« kann in Bestandteile zerlegt " +"werden, die die Active-Directory-Domain-Identität und den relativen " +"Bezeichner (RID) des Benutzer- oder Gruppenobjekts darstellen." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" +"Der ID-Abbildungsalgorithmus von SSSD nimmt einen Bereich verfügbarer UIDs " +"und teilt sie in gleich große Bestandteile, »Slices« genannt. Jeder Slice " +"steht für den verfügbaren Speicher einer Active-Directory-Domain." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" +"Wenn ein Benutzer- oder Gruppeneintrag für eine bestimmt Domain zum ersten " +"Mal vorgefunden wird, reserviert der SSSD einen der verfügbaren Slices für " +"diese Domain. Um eine Slice-Zuteilung auf verschiedenen Client-Maschinen " +"wiederholbar zu machen, wählen wir den Slice, der auf dem folgenden " +"Algorithmus basiert:" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" +"Die Zeichenkette durchläuft den Algorithmus Murmurhash3, um sie in einen 32-" +"Bit-Hash-Wert umzuwandeln. Dann wird der Betrag dieses Werts mit der " +"Gesamtzahl verfügbarer Slices genommen, um den Slice auszusuchen." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" +"HINWEIS: Es ist möglich, dass Kollisionen zwischen dem Hash und " +"nachfolgenden Beträgen auftreten. In diesen Situationen werden wir den " +"nächsten verfügbaren Slice auswählen, aber es ist wahrscheinlich nicht " +"möglich, den genau gleichen Satz von Slices auf anderen Maschinen zu " +"reproduzieren (da die Reihenfolge, in der sie vorgefunden werden, ihren " +"Slice bestimmt). In dieser Situtation wird empfohlen, entweder auf die " +"Verwendung expliziter POSIX-Attribute in Active Directory zu wechseln (ID-" +"Abbildung deaktivieren) oder eine Standard-Domain zu konfigurieren, um " +"sicherzustellen, dass wenigstens eine immer beständig ist. Einzelheiten " +"finden Sie unter »Konfiguration«." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "Minimalkonfiguration (im Abschnitt »[domain/DOMAINNAME]«):" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 10,001 and going up to " +"2,000,100,000. This should be sufficient for most deployments." +msgstr "" +"Die Standardkonfiguration führt dazu, dass 10.000 Slices konfiguriert " +"werden, von denen jeder in der Lage ist, 200.000 IDs zu beinhalten, " +"beginnend bei 10.001 und endend bei 2.000.100.000. Dies sollte für die " +"meisten Bereitstellungen ausreichen." + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "Fortgeschrittene Konfiguration" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "ldap_idmap_range_min (Ganzzahl)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" +"gibt die Untergrenze des Bereichs von POSIX-IDs an, der zum Abbilden von " +"Active-Directory-Benutzern und Gruppen-SIDs benutzt wird." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:127 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" +"HINWEIS: Diese Option unterscheidet sich von »min_id«, wobei »min_id« als " +"Filter für die Ausgabe von Anfragen an diese Domain agiert, wohingegen diese " +"Option den Bereich der ID-Zuweisung steuert. Dies ist ein feiner " +"Unterschied, aber es wäre ein allgemein guter Ratschlag, dass »min_id« " +"kleiner oder gleich »ldap_idmap_range_min« sein sollte." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191 +msgid "Default: 200000" +msgstr "Voreinstellung: 200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:142 +msgid "ldap_idmap_range_max (integer)" +msgstr "ldap_idmap_range_max (Ganzzahl)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:145 +msgid "" +"Specifies the upper bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" +"gibt die Obergrenze des Bereichs von POSIX-IDs an, der zum Abbilden von " +"Active-Directory-Benutzern und Gruppen-SIDs benutzt wird." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:149 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" +"HINWEIS: Diese Option unterscheidet sich von »max_id« wobei »max_id« als " +"Filter für die Ausgabe von Anfragen an diese Domain agiert, wohingegen diese " +"Option den Bereich der ID-Zuweisung steuert. Dies ist ein feiner " +"Unterschied, aber es wäre ein allgemein guter Ratschlag, dass »max_id« " +"größer oder gleich »ldap_idmap_range_max« sein sollte." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:159 +msgid "Default: 2000200000" +msgstr "Voreinstellung: 2000200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:164 +msgid "ldap_idmap_range_size (integer)" +msgstr "ldap_idmap_range_size (Ganzzahl)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:167 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" +"gibt die Anzahl der für jeden Slice verfügbaren IDs an. Falls sich die " +"Bereichsgröße nicht gleichmäßig in die minimalen und maximalen Werte teilen " +"lässt, werden so viele komplette Slices wie möglich erstellt." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" +"HINWEIS: Der Wert dieser Option muss mindestens so groß sein wie die größte " +"Benutzer-RID, die jemals auf dem Active-Directory-Server verwendet werden " +"soll. Das Nachschlagen und Anmelden von Benutzern wird scheitern, wenn deren " +"RIDs größer sind als dieser Wert." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +#, fuzzy +#| msgid "" +#| "For example, if your most recently-added Active Directory user has " +#| "objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +#| "<quote>ldap_idmap_range_size</quote> must be at least 1107." +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" +"Wenn beispielsweise der zuletzt hinzugefügte Active-Directory-Benutzer " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107 hat, muss " +"<quote>ldap_idmap_range_size</quote> mindestens 1107 sein." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:186 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" +"Es ist wichtig, für spätere Erweiterungen vorauszuplanen, da die Änderung " +"dieses Wertes zur Änderung aller ID-Abbildungen des Systems führt. Dadurch " +"können Benutzer andere lokale IDs als vorher haben." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:196 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "ldap_idmap_default_domain_sid (Zeichenkette)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:199 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" +"gibt die Domain-SID der Standard-Domain an. Dies wird sicherstellen, dass " +"diese Domain immer dem Slice null im ID-Abbild zugeordnet wird. Dabei wird " +"der oben beschriebene Murmurhash-Algorithmus umgangen." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:210 +msgid "ldap_idmap_default_domain (string)" +msgstr "ldap_idmap_default_domain (Zeichenkette)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:213 +msgid "Specify the name of the default domain." +msgstr "gibt den Namen der Standard-Domain an." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:221 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "ldap_idmap_autorid_compat (Boolesch)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:224 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" +"ändert das Verhalten des ID-Abbildungsalgorithmus so, dass es dem " +"Algorithmus »idmap_autorid« von Winbind ähnlicher ist." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:229 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monatomically with each additional domain." +msgstr "" +"Wenn diese Option konfiguriert wurde, werden Domains beginnend bei Slice " +"null reserviert und gleichmäßig mit jeder zusätzlichen Domain vergrößert." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:234 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" +"HINWEIS: Der Algorithmus ist nicht deterministisch (er hängt von der " +"Reihenfolge ab, in der Benutzer und Gruppen abgefragt werden). Falls dieser " +"Modus aus Kompatibilitätsgründen mit Maschinen, die Winbind ausführen, " +"erforderlich ist, wird empfohlen, auch die Option " +"»ldap_idmap_default_domain_sid« zu verwenden. Dies soll sicherstellen, dass " +"mindestens eine Domain beständig für den Slice null reserviert ist." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:249 +#, fuzzy +#| msgid "ldap_idmap_range_size (integer)" +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "ldap_idmap_range_size (Ganzzahl)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:252 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:256 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:273 +msgid "Well-Known SIDs" +msgstr "Bekannte Sicherheits-IDs" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:275 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" +"SSSD unterstützt das Nachschlagen der Namen sogenannter bekannter " +"Sicherheits-IDs, die eine spezielle unveränderliche Bedeutung haben. Da " +"generische Benutzer und Gruppen, die sich auf diese bekannten SIDs beziehen, " +"keine Entsprechung in einer Linux/UNIX-Umgebung haben, sind für diese " +"Objekte keine POSIX-IDs verfügbar." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" +"Der SID-Namensraum ist in Autoritäten organisiert, die als unterschiedliche " +"Domains betrachtet werden können. Die Autoritäten für die bekannten SIDs sind" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:284 +msgid "Null Authority" +msgstr "Null-Autorität (Null Authority)" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:285 +msgid "World Authority" +msgstr "Weltweit anerkannte Autorität (World Authority)" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:286 +msgid "Local Authority" +msgstr "Lokale Autorität (Local Authority)" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:287 +msgid "Creator Authority" +msgstr "Ersteller-Autorität (Creator Authority)" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:288 +msgid "NT Authority" +msgstr "NT-Autorität (NT Authority)" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:289 +msgid "Built-in" +msgstr "Eingebaut" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:291 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" +"Die mit großem Anfangsbuchstaben geschriebenen Versionen dieser Namen werden " +"als Domainnamen verwendet, wenn der voll qualifizierte Name einer bekannten " +"Sicherheits-ID zurückgegeben wird." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:295 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT " +"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain " +"names in <filename>sssd.conf</filename>." +msgstr "" +"Da einige Dienstprogramme die Änderung der Sicherheits-ID-basierten " +"Zugriffskontrollinformationen mit Hilfe des Namens ermöglichen, anstelle die " +"Sicherheits-ID direkt zu verwenden, unterstützt SSSD die Suche nach der SID " +"anhand des Namens ebenfalls. Um Überschneidungen zu vermeiden, können nur " +"voll qualifizierte Namen bei der Suche nach bekannten Sicherheit-IDs " +"verwendet werden. Daher sollten die Domainnamen <quote>NULL AUTHORITY</" +"quote>, <quote>WORLD AUTHORITY</quote>, <quote> LOCAL AUTHORITY</quote>, " +"<quote>CREATOR AUTHORITY</quote>, <quote>NT AUTHORITY</quote> und " +"<quote>BUILTIN</quote> nicht als Domainnamen in <filename>sssd.conf</" +"filename> verwendet werden." + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "<option>-?</option>,<option>--help</option>" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "zeigt den Hilfetext und beendet sich." + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "<option>-h</option>,<option>--help</option>" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" +"SSSD unterstützt zwei Darstellungsmodi für die Angabe der Debug-Stufe. Die " +"einfachste ist die Angabe eines Dezimalwerts von 0 bis 9, welche die " +"Aktivierung der Meldungen der entsprechenden Stufe und aller niederer Stufen " +"bewirkt. Eine umfassendere Option ist die Angabe einer hexadezimalen " +"Bitmaske, um spezifische Stufen zu aktivieren oder zu deaktivieren (wenn Sie " +"beispielsweise eine Stufe unterdrücken wollen)." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 +msgid "Currently supported debug levels:" +msgstr "derzeit unterstützte Debug-Stufen:" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Schwerwiegende Fehler. " +"Alles was SSSD am Start hindern oder es beenden könnte." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill the SSSD, but one that indicates that at least one " +"major feature is not going to work properly." +msgstr "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Kritische Fehler. Dies " +"sind Fehler, die SSSD nicht gewaltsam beenden, aber mindestens eine " +"Hauptfunktion nicht sauber arbeitet." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Ernsthafte Fehler. Dies " +"sind Fehler, bei denen eine bestimmte Anfrage oder Operation fehlgeschlagen " +"ist." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Kleinere Fehler. Dies " +"sind Fehler, die von geringerer Bedeutung als die fehlgeschlagenen " +"Operationen in der Stufe 2 sind." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: " +"Konfigurationseinstellungen." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Funktionsdaten." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Meldungen aus der " +"Verfolgung von Operationsfunktionen." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Meldungen aus der " +"Verfolgung interner Kontrollfunktionen." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Inhalte " +"funktionsinterner Variablen, die von Interesse sein könnten." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Verfolgungsmeldungen " +"extrem niederster Ebene." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" +"Um die Debug-Stufen nach Bitmaske zu protokollieren, fügen Sie deren Nummern " +"hinzu, wie in den folgenden Beispielen gezeigt:" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:85 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" +"<emphasis>Beispiel</emphasis>: Um fatale, kritische, schwerwiegende Fehler " +"und Funktionsdaten zu protokollieren, benutzen Sie 0x0270." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:89 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" +"<emphasis>Beispiel</emphasis>: Um fatale Fehler, " +"Konfigurationseinstellungen, Funktionsdaten und Verfolgungsnachrichten für " +"interne Steuerfunktionen zu protokollieren, benutzen Sie 0x1310." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:94 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" +"<emphasis>Hinweis</emphasis>: Das Bitmasken-Format der Debug-Level wurde in " +"1.7.0 eingeführt." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:98 +msgid "<emphasis>Default</emphasis>: 0" +msgstr "<emphasis>Voreinstellung</emphasis>: 0" + +#. type: Content of: outside any tag (error?) +#: include/experimental.xml:1 +msgid "" +"<emphasis> This is an experimental feature, please use http://fedorahosted." +"org/sssd to report any issues. </emphasis>" +msgstr "" +"<emphasis> Dies ist eine experimentelle Funktionalität. Fehler können Sie " +"auf http://fedorahosted.org/sssd melden.</emphasis>" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "DIE LOKALE DOMAIN" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" +"Für korrektes Funktionieren muss eine Domain mit »id_provider=local« " +"erstellt sein und SSSD muss laufen." + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" +"Möglicherweise möchte der Administrator in Fällen, in denen " +"Gruppenverschachtelung (siehe <citerefentry> <refentrytitle>sss_groupadd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>) benötigt wird, " +"lokale Benutzer anstelle traditioneller UNIX-Benutzer verwenden. Die lokalen " +"Benutzer sind auch für das Testen und Entwickeln von SSSD nützlich, ohne " +"dass ein vollständiger ferner Server bereitgestellt werden muss. Die " +"<command>sss_user*</command>- und <command>sss_group*</command>-Werkzeuge " +"benutzen einen lokalen LDB-Speicher, um Benutzer und Gruppen abzulegen." + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " +"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" +"ein optionaler Basis-DN, Gültigkeitsbereich für die Suche und LDAP-Filter, " +"um die LDAP-Suchen für diesen Attributtyp einzuschränken." + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "search_base[?Gültigkeitsbereich?[Filter][?Suchbasis?Gültigkeitsbereich?[Filter]]*]\n" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "Syntax: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" +"Der Bereich kann entweder »base«, »onlevel« oder »subtree« sein. Die " +"Bereiche funktionieren wie im Abschnitt 4.5.1.2 auf http://tools.ietf.org/" +"html/rfc4511 angegeben." + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" +"Beispiele für diese Syntax finden Sie im Beispielabschnitt von " +"»ldap_search_base«." + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" +"Bitte beachten Sie, dass die Angabe von Gültigkeitsbereich oder Filter nicht " +"beim Suchen auf einem Active-Directory-Server unterstützt wird, der " +"möglicherweise eine große Anzahl an Ergebnissen zurückliefern und in der " +"Antwort die Erweiterung »Range Retrieval« auslösen könnte." + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" +"Bitte beachten Sie, dass der Automounter beim Start nur die Master-Abbildung " +"liest. Daher müssen Sie normalerweise, falls irgendwelche zu Autofs " +"gehörigen Änderungen in der »sssd.conf« vorgenommen wurden, den Automounter-" +"Daemon nach dem SSSD-Neustart ebenfalls neu starten." + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "override_homedir (Zeichenkette)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "UID-Nummer" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "Domain-Name" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "%f" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "voll qualifizierter Benutzername (Benutzer@Domain)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:31 +msgid "%o" +msgstr "%o" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:33 +msgid "The original home directory retrieved from the identity provider." +msgstr "das Original-Home-Verzeichnis, das vom Identitätsanbieter geholt wurde" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:38 +msgid "%H" +msgstr "%H" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:40 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" +"Der Wert der Konfigurationsoption <emphasis>homedir_substring</emphasis>." + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"setzt das Home-Verzeichnis des Benutzers außer Kraft. Sie können entweder " +"einen absoluten Wert oder eine Schablone bereitstellen. In der Schablone " +"werden die folgenden Sequenzen ersetzt: <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:52 +msgid "This option can also be set per-domain." +msgstr "Diese Option kann auch pro Domain gesetzt werden." + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:57 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" +"override_homedir = /home/%u\n" +" " + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:61 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" +"Voreinstellung: nicht gesetzt (SSSD wird den von LDAP geholten Wert benutzen)" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "homedir_substring (Zeichenkette)" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" +"Der Wert dieser Option wird als Auflösung der Option " +"<emphasis>override_homedir</emphasis> verwendet, falls die Vorlage die " +"Formatzeichenkette <emphasis>%H</emphasis> enthält. Ein LDAP-" +"Verzeichniseintrag kann diese Schablone direkt enthalten, so dass diese " +"Option zum Auflösen des Pfades zum Home-Verzeichnis für jeden Client-Rechner " +"(oder Betriebssystem) verwendet werden kann. Sie kann pro-Domain oder global " +"im Abschnitt [nss] gesetzt werden. Ein im Domain-Abschnitt angegebener Wert " +"setzt jenen im [nss]-Abschnitt außer Kraft." + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "Voreinstellung: /home" + +#~ msgid "" +#~ "Please note that the default values correspond to the default schema " +#~ "which is RFC2307." +#~ msgstr "" +#~ "Bitte beachten Sie, dass die Standardwerte dem Standardschema RFC2307 " +#~ "entsprechen. " + +#~ msgid "Default: ou" +#~ msgstr "Voreinstellung: ou" --- sssd-1.13.4.orig/src/man/po/es.po +++ sssd-1.13.4/src/man/po/es.po @@ -0,0 +1,13010 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# Adolfo Jayme Barrientos <fito@libreoffice.org>, 2012 +# Carlos Antolín Lucas <carlosantolin@hotmail.es>, 2012 +# beckerde <domingobecker@gmail.com>, 2013 +# Eduardo Villagrán M <gotencool@gmail.com>, 2011 +# Eduardo Villagrán M <gotencool@gmail.com>, 2011 +# vareli <ehespinosa@ya.com>, 2013 +# vareli <ehespinosa@ya.com>, 2013 +# Daniel Cabrera <logan@fedoraproject.org>, 2011 +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 1.12.90\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2016-04-13 16:30+0200\n" +"PO-Revision-Date: 2014-06-04 02:04-0400\n" +"Last-Translator: jhrozek <jhrozek@redhat.com>\n" +"Language-Team: Spanish (http://www.transifex.com/projects/p/sssd/language/" +"es/)\n" +"Language: es\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Zanata 3.8.3\n" + +#. type: Content of: <reference><title> +#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 +#: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 +#: sss_override.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5 +#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 +#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5 +#: sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 +msgid "SSSD Manual pages" +msgstr "Páginas de manual de SSSD" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 +msgid "sss_groupmod" +msgstr "sss_groupmod" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11 +#: sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupmod.8.xml:16 +msgid "modify a group" +msgstr "modifica un grupo" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupmod.8.xml:21 +msgid "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 +#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 +#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 +#: sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 +#: sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 +#: sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21 +#: sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31 +msgid "DESCRIPTION" +msgstr "DESCRIPCION" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupmod.8.xml:32 +msgid "" +"<command>sss_groupmod</command> modifies the group to reflect the changes " +"that are specified on the command line." +msgstr "" +"<command>sss_groupmod</command> modifica el grupo para reflejar los cambios " +"indicados en la línea de comandos." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 +#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 +#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 +#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "OPCIONES" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 +msgid "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:48 +msgid "" +"Append this group to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" +"Agrega este grupo a otros grupos que hayan sido indicados con el parámetro " +"<replaceable>GROUPS</replaceable>. El parámetros <replaceable>GROUPS</" +"replaceable> es una lista de nombres de grupos separados por comas." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 +msgid "" +"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" +"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:62 +msgid "" +"Remove this group from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" +"Elimina este grupo de los grupos especificados con el parámetro " +"<replaceable>GROUPS</replaceable>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:10 sssd.conf.5.xml:16 +msgid "sssd.conf" +msgstr "sssd.conf" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 +#: sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 +#: sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +msgid "File Formats and Conventions" +msgstr "Formatos de archivo y convenciones" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:17 +msgid "the configuration file for SSSD" +msgstr "El archivo de configuración de SSSD" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:21 +msgid "FILE FORMAT" +msgstr "Formato de archivo" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:29 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:24 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"El archivo posee una sintaxis de tipo ini consistente de secciones y " +"parámetros. Una sección comienza con el nombre de dicha sección colocado " +"entre corchetes, y continua hasta que comienza la próxima sección. Este es " +"un ejemplo de una sección con parámetros de valores simples y múltiples: " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:36 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" +"Los tipos de datos utilizados son cadenas (no es necesario ingresarlos entre " +"comillas), enteros o booleanos (cuyos valores son <quote>TRUE/FALSE</quote>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:41 +msgid "" +"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" +"Una línea de comentario comienza con una almohadilla (<quote>#</quote>) o un " +"punto y coma (<quote>;</quote>). No se soportan los comentarios en línea." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:47 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" +"Todas las secciones pueden tener un parámetro opcional de " +"<replaceable>descripción</replaceable>. Su función es solo la de servir como " +"etiqueta a tal sección." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:53 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" +"<filename>sssd.conf</filename> debe ser un archivo regular, cuyo dueño sea " +"el usuario root, y sólo este usuario podrá tener permisos de lectura y " +"escritura sobre él." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:59 +msgid "GENERAL OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:61 +msgid "Following options are usable in more than one configuration sections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:65 +msgid "Options usable in all sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:69 +msgid "debug_level (integer)" +msgstr "debug_level (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:73 +msgid "debug_timestamps (bool)" +msgstr "debug_timestamps (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:76 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:81 sssd.conf.5.xml:634 sssd.conf.5.xml:1139 +#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464 +#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272 +#: sssd-ad.5.xml:799 sssd-ad.5.xml:918 sssd-krb5.5.xml:499 +msgid "Default: true" +msgstr "Predeterminado: true" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:86 +msgid "debug_microseconds (bool)" +msgstr "debug_microseconds (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:89 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:94 sssd.conf.5.xml:1093 sssd.conf.5.xml:2231 +#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558 +#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139 +#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266 +#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 +msgid "Default: false" +msgstr "Predeterminado: false" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2189 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:103 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:107 +msgid "timeout (integer)" +msgstr "timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:110 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests." +msgstr "" +"Tiempo de espera en segundos entre latidos para este servicio. Esto se usa " +"para asegurar que el proceso está vivo y capaz de responder peticiones." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:115 sssd.conf.5.xml:1057 sssd-ldap.5.xml:1410 +#: include/ldap_id_mapping.xml:264 +msgid "Default: 10" +msgstr "Predeterminado: 10" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:125 +msgid "SPECIAL SECTIONS" +msgstr "SECCIONES ESPECIALES" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:128 +msgid "The [sssd] section" +msgstr "La sección [sssd]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:137 sssd.conf.5.xml:2339 +msgid "Section parameters" +msgstr "Parámetros de sección" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:139 +msgid "config_file_version (integer)" +msgstr "config_file_version (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:142 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" +"Indica cuál es la sintaxis del archivo de configuración. SSSD 0.6.0 y " +"posteriores utilizan una versión 2." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:148 +msgid "services" +msgstr "servicios" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:151 +msgid "" +"Comma separated list of services that are started when sssd itself starts." +msgstr "" +"Una lista separadas por comas de los servicios que son iniciados cuando se " +"enciende sssd." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:155 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" +"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" +"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:165 sssd.conf.5.xml:419 +msgid "reconnection_retries (integer)" +msgstr "reconnection_retries (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:168 sssd.conf.5.xml:422 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" +"Cantidad de intentos de reconexión de los servicios ante una eventual caída " +"de datos del proveedor, o de reiniciarse antes de abandonar" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:173 sssd.conf.5.xml:427 +msgid "Default: 3" +msgstr "Predeterminado: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:178 +msgid "domains" +msgstr "dominios" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:181 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter described the list of domains in the order you want " +"them to be queried. A domain name should only consist of alphanumeric ASCII " +"characters, dashes, dots and underscores." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:193 sssd.conf.5.xml:2014 +msgid "re_expression (string)" +msgstr "re_expression (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" +"Expresión regular por defecto que describe como analizar la cadena que " +"contiene el nombre de usuario y el dominio en estos componentes." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:201 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN " +"SECTIONS for more info on these regular expressions." +msgstr "" +"Cada dominio puede tener una expresión regular individual configurada. Para " +"algunos proveedores de ID hay también expresiones regulares por defecto. Vea " +"DOMAIN SECTIONS para más información sobre estas expresiones regulares." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:210 sssd.conf.5.xml:2065 +msgid "full_name_format (string)" +msgstr "full_name_format (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:213 sssd.conf.5.xml:2068 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:224 sssd.conf.5.xml:2079 +msgid "%1$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:225 sssd.conf.5.xml:2080 +msgid "user name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:228 sssd.conf.5.xml:2083 +msgid "%2$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:231 sssd.conf.5.xml:2086 +msgid "domain name as specified in the SSSD config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:237 sssd.conf.5.xml:2092 +msgid "%3$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:240 sssd.conf.5.xml:2095 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:221 sssd.conf.5.xml:2076 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:250 +msgid "" +"Each domain can have an individual format string configured. see DOMAIN " +"SECTIONS for more info on this option." +msgstr "" +"Cada dominio puede tener una cadena de formato individual configurar. Vea " +"SECCIONES DOMINIO para más información sobre esta opción." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:256 +msgid "try_inotify (boolean)" +msgstr "try_inotify (boolean)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:259 +msgid "" +"SSSD monitors the state of resolv.conf to identify when it needs to update " +"its internal DNS resolver. By default, we will attempt to use inotify for " +"this, and will fall back to polling resolv.conf every five seconds if " +"inotify cannot be used." +msgstr "" +"SSSD monitorea el estado de resolv.conf para saber cuando es necesario " +"actualizar su resolutor DNS interno. Por defecto, intentaremos utilizar para " +"ello la herramienta inotify, quien consultará a resolv.conf cada cinco " +"segundos en caso que inotify no pueda ser utilizado." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:267 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" +"Existen algunas pocas situaciones en donde lo preferible es evitar el uso de " +"inotify. En estas raras excepciones, la opción debería ser definida en " +"'false' " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:273 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" +"Predeterminado: 'true' en plataformas donde inotify tenga soporte. 'False' " +"en el resto de las plataformas." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:277 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" +"Nota: esta opción no tendrá efecto en plataformas donde inotify no se " +"encuenytre disponible. En estas plataformas, la consulta (polling) será " +"utilizada siempre." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:284 +msgid "krb5_rcache_dir (string)" +msgstr "krb5_rcache_dir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:287 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" +"Directorio en el sistema de archivos donde SSSD debería guardar fichero de " +"reproducción de cache de Kerberos." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:291 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" +"Esta opción acepta un valor especial __LIBKRB5_DEFAULTS__ que instruirá a " +"SSSD para dejar a libkrb5 decidir la localización apropiada del escondrijo " +"de respuesta." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:297 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" +"Por defecto: Distribución específica y especificado en la acumulación de " +"tiempo. (si no se configura __LIBKRB5_DEFAULTS__)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:312 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:317 +msgid "default_domain_suffix (string)" +msgstr "default_domain_suffix (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:320 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" +"Esta cadena será usada como nombre de dominio por defecto para todos los " +"nombre sin un componente de nombre de dominio. El principal caso de uso es " +"en entornos donde el dominio principal está dirigido a gestionar las " +"políticas de host y todos los usuarios están localizados en un dominio " +"confiable. La opción permite a esos usuarios acceder sólo con su nombre de " +"usuario sin dar también un nombre de dominio." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:330 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498 +#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:609 +#: sssd-ad.5.xml:679 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550 +#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216 +msgid "Default: not set" +msgstr "Predeterminado: no definido" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:344 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:347 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:356 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:364 +msgid "Default: not set (spaces will not be replaced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:369 +#, fuzzy +#| msgid "re_expression (string)" +msgid "certificate_verification (string)" +msgstr "re_expression (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:377 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:379 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:389 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +#, fuzzy +#| msgid "Default: not set, i.e. service discovery is disabled" +msgid "Default: not set, i.e. do not restrict certificate vertification" +msgstr "Por defecto: no fijado, esto es servicio descubridor deshabilitado." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:130 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" +"Trozos individuales de funcionalidad SSSD son suministrados por servicios " +"especiales SSSD que se inician y parar junto a SSSD. Los servicios son " +"gestionados por un servicio especial frecuentemente llamado <quote>monitor</" +"quote>. La sección <quote>[sssd]</quote> se usa para configurar el monitor " +"así como algunas otras opciones importantes como la identidad de dominios. " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:404 +msgid "SERVICES SECTIONS" +msgstr "SECCIONES DE SERVICIOS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:406 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" +"Los ajustes que pueden ser utilizados para configurar diferentes servicios " +"se describe en esta sección. Ellos deben residir en la sección [<replaceable>" +"$NAME</replaceable>], por ejemplo, para el servicio NSS, la sección sería " +"<quote>[nss]</quote>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:413 +msgid "General service configuration options" +msgstr "Opciones de configuración de servicios generales" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:415 +msgid "These options can be used to configure any service." +msgstr "Estas opciones pueden usarse para configurar cualquier servicio." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:432 +msgid "fd_limit" +msgstr "fd_limit" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:435 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" +"Esta opción especifica el número máximo de descriptores de ficheros que " +"pueden ser abiertos a la vez por este proceso SSSD. Sobre sistemas donde " +"SSSD ha alcanzado la capacidad CAP_SYS_RESOURCE, este será un ajuste " +"absoluto. Sobre sistemas sin esta capacidad, el valor resultante será el " +"valor más bajo de este o de limite “hard” en limits.conf." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:444 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "Por defecto: 8192 (o limite “hard” en limits.conf)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:449 +msgid "client_idle_timeout" +msgstr "client_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:452 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system." +msgstr "" +"Esta opción especifica el número de segundos que un cliente de un proceso " +"SSSD puede retener un desciptor de fichero sin comunicarlo. Este valor está " +"limitado con el objetivo de evitar un agotamiento de los recursos del " +"sistema." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:459 sssd.conf.5.xml:475 sssd.conf.5.xml:507 +#: sssd.conf.5.xml:765 sssd.conf.5.xml:957 sssd.conf.5.xml:1347 +#: sssd-ldap.5.xml:1237 +msgid "Default: 60" +msgstr "Predeterminado: 60" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:464 sssd.conf.5.xml:1336 +msgid "force_timeout (integer)" +msgstr "force_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:467 sssd.conf.5.xml:1339 +msgid "" +"If a service is not responding to ping checks (see the <quote>timeout</" +"quote> option), it is first sent the SIGTERM signal that instructs it to " +"quit gracefully. If the service does not terminate after " +"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " +"by sending a SIGKILL signal." +msgstr "" +"Si un servicio no está respondiendo a las comprobaciones ping (vea la opción " +"<quote>timeout</quote>), primero enviará la señal SIGTERM que le instruye a " +"salir amigablemente. Si el servicio no termina después de " +"<quote>force_timeout</quote> segundos, el monitor le forzara a caer enviando " +"una señal SIGKILL." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:480 +msgid "offline_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:483 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. This " +"value is in seconds and calculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:490 +msgid "offline_timeout + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "" +"The random offset can increment up to 30 seconds. After each unsuccessful " +"attempt to go online, the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:498 +msgid "new_interval = old_interval*2 + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"Note that the maximum length of each interval is currently limited to one " +"hour. If the calculated length of new_interval is greater than an hour, it " +"will be forced to one hour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:512 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:515 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:521 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:524 +msgid "ldap_purge_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:527 sssd-ldap.5.xml:1054 +msgid "ldap_use_tokengroups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "ldap_user_principal" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:535 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:533 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:539 sssd.conf.5.xml:1001 sssd.conf.5.xml:1026 +#: sssd.conf.5.xml:1045 sssd.conf.5.xml:1330 sssd-ldap.5.xml:1793 +msgid "Default: none" +msgstr "Predeterminado: none" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:547 +msgid "NSS configuration options" +msgstr "Opciones de configuración de NSS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:549 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" +"Estas opciones pueden ser usadas para configurar el servicio Name Service " +"Switch (NSS)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "enum_cache_timeout (integer)" +msgstr "enum_cache_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:557 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" +"Cuantos segundos ocultaría enumeraciones nss_sss (peticiones de información " +"sobre todos los usuarios)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:561 +msgid "Default: 120" +msgstr "Predeterminado: 120" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:566 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "entry_cache_nowait_percentage (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:569 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" +"La entrada a la cache puede ser fijada automáticamente para actualizar " +"entradas en segundo plano si hay peticiones más allá de un porcentanje del " +"valor de entry_cache_timeout para el dominio." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:575 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" +"Por ejemplo, si entry_cache_timeout del dominio está fijado a 30 y " +"entry_cache_nowait_percentage está fijado a 50 (por ciento), las entradas " +"que vengan después de 15 segundos pasado el último cache serán devueltas " +"inmediatamente, pero SSSD irá y actualizará el cache por el mismo, de modo " +"que las futuras peticiones no necesitarán bloquearse a la espera de una " +"actualización del cache." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:585 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" +"Los valores válidos para esta opción son 0-99 y representan un porcentaje de " +"entry_cache_timeout para cada dominio. Por razones de rendimiento, este " +"porcentaje nunca reducirá el tiempo de salida de no espera a menos de 10 " +"segundos. (0 deshabilita esta función)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:593 +msgid "Default: 50" +msgstr "Predeterminado: 50" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:598 +msgid "entry_negative_timeout (integer)" +msgstr "entry_negative_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:601 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"Especifica por cuantos segundos nss_sss escondería golpes negativos al cache " +"(esto es, consultas para entradas no válidas a la base de datos, como " +"entradas no existentes) antes de preguntar al punto final otra vez." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:607 sssd.conf.5.xml:1117 +msgid "Default: 15" +msgstr "Predeterminado: 15" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:612 +msgid "filter_users, filter_groups (string)" +msgstr "filter_users, filter_groups (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:615 +msgid "" +"Exclude certain users from being fetched from the sss NSS database. This is " +"particularly useful for system accounts. This option can also be set per-" +"domain or include fully-qualified names to filter only users from the " +"particular domain." +msgstr "" +"Excluye ciertos usuarios de ser exagerados por la base de datos sss NSS. " +"Esto es particularmente útil para cuentas de sistema. Esta opción puede ser " +"también fijada por dominio o incluir nombres totalmente cualificados para " +"filtrar sólo usuario de un dominio concreto." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:622 +msgid "Default: root" +msgstr "Predeterminado: root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:627 +msgid "filter_users_in_groups (bool)" +msgstr "filter_users_in_groups (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:630 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" +"Si usted desea filtrar usuarios aunque sean miembros del grupo, fije esta " +"opción a false." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:641 +msgid "fallback_homedir (string)" +msgstr "fallback_homedir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:644 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" +"Fija la plantilla por defecto para el direcorio home del usuario si no se ha " +"especificado una explícitamente por el proveedor de datos del dominio." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:649 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" +"Los valores disponibles para esta opción son los mismos que para " +"override_homedir." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:655 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" +"fallback_homedir = /home/%u\n" +" " + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:653 sssd.conf.5.xml:1020 sssd.conf.5.xml:1039 +#: sssd-krb5.5.xml:533 include/override_homedir.xml:55 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "ejemplo: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:659 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" +"Por defecto: no fijado (sin sustitución para los directorios home no fijados)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:665 +msgid "override_shell (string)" +msgstr "override_shell (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:668 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:674 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "Por defecto: no fijado (SSSD usará el valor recuperado desde LDAP)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:680 +msgid "allowed_shells (string)" +msgstr "allowed_shells (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:683 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" +"Restringe la shell de usuario a uno de los valores listados. El orden de " +"evaluación es:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:686 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "1. Si el shell está presente en <quote>/etc/shells</quote>, se usa." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:690 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" +"2. Si el shell está en la lista allowed_shells pero no en <quote>/etc/" +"shells</quote>, usa el valor del parámetro shell_fallback." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:695 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" +"3. Si el shell no está en la lista allowed_shells y tampoco en <quote>/etc/" +"shells</quote>, se usará un shell de no acceso." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:703 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:710 +msgid "An empty string for shell is passed as-is to libc." +msgstr "Una cadena vacía para el shell se pasa como-es a libc." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:713 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" +"<quote>/etc/shells</quote> es de sólo lectura en el inicio SSSD, lo que " +"significa que se requiere el reinicio del SSSD en el caso de que se instale " +"una nueva shell." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:717 +msgid "Default: Not set. The user shell is automatically used." +msgstr "Por defecto: No fijado. La shell del usuario se usa automáticamente." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:722 +msgid "vetoed_shells (string)" +msgstr "vetoed_shells (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:725 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "Reemplaza cualquier instancia de estos shells con shell_fallback" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:730 +msgid "shell_fallback (string)" +msgstr "shell_fallback (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:733 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" +"La shell por defecto a usar si una shell permitida no está instalada en la " +"máquina." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "Default: /bin/sh" +msgstr "Predeterminado: /bin/sh" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +msgid "default_shell" +msgstr "default_shell" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:745 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:751 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" +"Por defecto: no fijado (Devuelve NULL si no se ha especificado una shell y " +"confía en libc para sustituir algo sensible cuando sea necesario, " +"normalmente /bin/sh)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:758 sssd.conf.5.xml:950 +msgid "get_domains_timeout (int)" +msgstr "get_domains_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:761 sssd.conf.5.xml:953 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" +"Especifica el tiempo en segundos por los cuales la lista de subdominios será " +"considerada válida." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:770 +msgid "memcache_timeout (int)" +msgstr "memcache_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:773 +#, fuzzy +#| msgid "" +#| "Specifies time in seconds for which records in the in-memory cache will " +#| "be valid" +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid." +msgstr "" +"Especifica el tiempo en segundos durante el cual los archivos en el " +"escondrijo en memoria serán válidos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:777 sssd-ldap.5.xml:706 +msgid "Default: 300" +msgstr "Predeterminado: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:780 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:788 sssd-ifp.5.xml:74 +msgid "user_attributes (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:791 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:804 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:816 +msgid "PAM configuration options" +msgstr "Opciones de configuración PAM" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:818 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" +"Estas opciones pueden ser usadas para configurar el servicio Pluggable " +"Authentication Module (PAM)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:823 +msgid "offline_credentials_expiration (integer)" +msgstr "offline_credentials_expiration (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" +"Si la autenticación del proveedor es fuera de línea, cuanto permitiríamos " +"los accesos escondidos (en días desde el último login en línea con éxito)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:831 sssd.conf.5.xml:844 +msgid "Default: 0 (No limit)" +msgstr "Predeterminado: 0 (Sin límite)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:837 +msgid "offline_failed_login_attempts (integer)" +msgstr "offline_failed_login_attempts (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:840 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" +"Si la autenticación del proveedor es fuera de línea, cuantos intentos de " +"login fallados están permitidos." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:850 +msgid "offline_failed_login_delay (integer)" +msgstr "offline_failed_login_delay (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:853 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" +"El tiempo en minutos que ha de pasar después de que " +"offline_failed_login_attempts ha sido alcanzado antes de que un nuevo " +"intento de login sea posible." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" +"Si se fija en 0 el usuario no puede autenticarse fuerta de línea si se ha " +"alcanzado offline_failed_login_attempts. Sólo una autenticación en línea con " +"éxito puede habilitar otra vez la autenticación fuera de línea." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:864 sssd.conf.5.xml:917 +msgid "Default: 5" +msgstr "Predeterminado: 5" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:870 +msgid "pam_verbosity (integer)" +msgstr "pam_verbosity (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:873 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" +"Controla qué tipo de mensajes se muestra al usuario durante la " +"autenticación. Cuanto mayor sea el número de mensajes más aparecen." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "Currently sssd supports the following values:" +msgstr "Actualmente sssd soporta los siguientes valores:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:881 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "<emphasis>0</emphasis>: no mostrar ningún mensaje" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "<emphasis>1</emphasis>: mostrar sólo mensajes importantes" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:888 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "<emphasis>2</emphasis>: mostrar mensajes informativos" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:891 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" +"<emphasis>3</emphasis>: mostrar todos los mensajes e información de " +"depuración" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:895 sssd.8.xml:63 +msgid "Default: 1" +msgstr "Predeterminado: 1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:900 +msgid "pam_id_timeout (integer)" +msgstr "pam_id_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:903 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" +"Para cualquier petición PAM mientras SSSD está en línea, SSSD intentará " +"inmediatamente actualizar la información de identidad escondida por el " +"usuario con el objetivo de asegurar que la autenticación tiene lugar con la " +"información más actual." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" +"Una conversación PAM completa puede llevar a cabo múltiples peticiones PAM, " +"como gestión de cuenta y apertura de sesión. Esta opción controla (sobre una " +"base de por cliente-aplicación) cuanto (en segundos) podemos esconder la " +"información de identidad para evitar excesivos viajes de ida y vuelata al " +"proveedor de identidad." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:923 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "pam_pwd_expiration_warning (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:926 sssd.conf.5.xml:1550 +msgid "Display a warning N days before the password expires." +msgstr "Mostrar una advertencia N días antes que la contraseña caduque." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:929 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" +"Por favor advierta que el servidor de punto final tiene que suministrar " +"información sobre el tiempo de expiración de la contraseña. Si esta " +"información desaparece, sssd no podrá mostrar un aviso." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:935 sssd.conf.5.xml:1553 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" +"Si está fijado cero, no se aplicará el filtro, esto es si se recibe una " +"advertencia de expiración desde el servidor final, se mostrará " +"automáticamente." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:940 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" +"Este ajuste puede ser anulado por el ajuste " +"<emphasis>pwd_expiration_warning</emphasis> para un dominio concreto." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 sssd.conf.5.xml:2291 sssd.8.xml:79 +msgid "Default: 0" +msgstr "Predeterminado: 0" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:962 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:965 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAM responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:971 +msgid "Default: all (All users are allowed to access the PAM responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:975 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:982 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:985 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:989 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:993 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:997 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1006 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1009 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbostiy is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1022 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1031 +#, fuzzy +#| msgid "ldap_ns_account_lock (string)" +msgid "pam_account_locked_message (string)" +msgstr "ldap_ns_account_lock (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1041 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1050 +#, fuzzy +#| msgid "pam_id_timeout (integer)" +msgid "p11_child_timeout (integer)" +msgstr "pam_id_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1053 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1066 +msgid "SUDO configuration options" +msgstr "SUDO opciones de configuración" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1068 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1085 +msgid "sudo_timed (bool)" +msgstr "sudo_timed (booleano)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1088 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" +"Si se evalúan o no los atributos sudoNotBefore y sudoNotAfter que implementa " +"entradas de sudoers dependientes del tiempo." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1101 +msgid "AUTOFS configuration options" +msgstr "Opciones de configuración AUTOFS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1103 +msgid "These options can be used to configure the autofs service." +msgstr "Estas opciones pueden ser usadas para configurar el servicio autofs." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1107 +msgid "autofs_negative_timeout (integer)" +msgstr "autofs_negative_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"Especifica cuantos segundos debería el respondedor negativo autofs esconder " +"golpes (esto es, consultas a entradas de mapa no válidad, como las no " +"existentes) antes de preguntar al punto final otra vez." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1126 +msgid "SSH configuration options" +msgstr "Opciones de configuración SSH" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1128 +msgid "These options can be used to configure the SSH service." +msgstr "Estas opciones se pueden usar para configurar el servicio SSH." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1132 +msgid "ssh_hash_known_hosts (bool)" +msgstr "ssh_hash_known_hosts (booleano)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1135 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" +"Si se pican o no los nombres y las direcciones de host en fichero gestionado " +"known_host. " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1144 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "ssh_known_hosts_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1147 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" +"Cuantos segundos se mantiene un host en el fichero known_hosts gestionados " +"después de que se hayan pedido sus claves de host." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1151 +msgid "Default: 180" +msgstr "Por defecto: 180" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1156 +#, fuzzy +#| msgid "mail_dir (string)" +msgid "ca_db (string)" +msgstr "mail_dir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1159 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1164 +#, fuzzy +#| msgid "Default: /etc/krb5.keytab" +msgid "Default: /etc/pki/nssdb" +msgstr "Predeterminado: /etc/krb5.keytab" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1172 +msgid "PAC responder configuration options" +msgstr "Opciones de configuración del respondedor PAC" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1174 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. " +"If the PAC is decoded and evaluated some of the following operations are " +"done:" +msgstr "" +"El respondedor PAC trabaja junto el plugin de datos de autorización para MIT " +"Kerberos sssd_pac_plugin.so y un proveedor de subdominio. El plugin envía el " +"dato PAC durante una autenticación GSSAPI al respondedor PAC. El proveedor " +"de subdominio recoge los rangos SID e ID del dominio a los que se une el " +"cliente y de los dominio remotos de confianza desde el controlador de " +"dominio local. Si el PAC es descodificado y evaluado se hacen alguna de las " +"siguientes operaciones:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1183 +msgid "" +"If the remote user does not exist in the cache, it is created. The uid is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"gid will have the same value as the uid. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1191 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1197 +msgid "These options can be used to configure the PAC responder." +msgstr "Estas opciones pueden ser usadas para configurar el respondedor PAC." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1201 sssd-ifp.5.xml:50 +msgid "allowed_uids (string)" +msgstr "allowed_uids (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1204 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" +"Especifica la lista separada por comas de los valores UID o nombres de " +"usuario que tiene el acceso permitido al respondedor PAC." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1210 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" +"Por defecto: 0 (sólo el usuario root tiene permitido el acceso al " +"respondedor PAC)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1214 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" +"Por favor advierta que aunque la UID 0 se usa por defecto será anulada con " +"esta opción. Si usted deses todavía permitir al usuario root acceder al " +"respondedor PAC, que sería el caso típico, usted tiene que añadir 0 a la " +"lista de UIDs permitidas también." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:1228 +msgid "DOMAIN SECTIONS" +msgstr "SECCIONES DE DOMINIO" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1235 +msgid "min_id,max_id (integer)" +msgstr "min_id, max_id (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1238 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" +"Límites de UID y GID para el dominio. Si un dominio contiene una entrada que " +"está fuera de estos límites, ésta es ignorada." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" +"Para usuarios, esto afecta al límite primario GID. El usuario no será " +"devuelto a NSS si bien la UID o el GID primario está fuera de rango. Para " +"los miembros de grupos no primarios, aquellos que estén en rango serán " +"reportados como en espera." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1250 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1254 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "Predeterminado: 1 para min_id, 0 (sin límite) para max_id" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1260 +msgid "enumerate (bool)" +msgstr "enumerar (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1263 +msgid "" +"Determines if a domain can be enumerated. This parameter can have one of the " +"following values:" +msgstr "" +"Determina si un dominio puede ser enumerado. Este parámetro puede tener uno " +"de los siguientes valores:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1267 +msgid "TRUE = Users and groups are enumerated" +msgstr "TRUE = Usuarios y grupos son enumerados" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1270 +msgid "FALSE = No enumerations for this domain" +msgstr "FALSE = Sin enumeraciones para este dominio" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1273 sssd.conf.5.xml:1505 sssd.conf.5.xml:1672 +msgid "Default: FALSE" +msgstr "Predeterminado: FALSE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1276 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed." +msgstr "" +"Nota: Habilitar la enumeración tiene un impacto en el rendimiento moderado " +"sobre SSSD mientras la enumeración está corriendo. Puede tomar varios " +"minutos desde que SSSD ha arrancado hasta completar todas las enumeraciones. " +"Durante este tiempo, las peticiones de información individuales irán " +"directamente a LDAP, aunque puede ser lento, debido al pesado proceso de " +"enumeración. Guardar un gran número de entradas en la cache después de " +"completar la enumeración puede también ser intenso para la CPU puesto que " +"las afiliaciones deben ser recalculadas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1289 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" +"Mientras está corriendo la primera enumeración, peticiones para el usuario " +"completo o listas de grupo pueden no devolver resultados hasta que se " +"completen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1294 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" +"Adicionalmente, la habilitación de la enumeración puede incrementar el " +"tiempo necesario para detectar la desconexión de red, tanto como los tiempos " +"de espera necesarios para asegurar que las búsquedas de enumeración se han " +"completado. Para más información vea las páginas de manual para el " +"específico id_provider en uso." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1302 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" +"Por las razones citadas arriba, no se recomienda habilitar la enumeración, " +"especialmente en entornos grandes." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1310 +msgid "subdomain_enumerate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1317 +msgid "all" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1318 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1321 +msgid "none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1322 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1313 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1353 +msgid "entry_cache_timeout (integer)" +msgstr "entry_cache_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1356 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" +"Cuántos segundos debe considerar nss_sss como válidas las entradas antes de " +"volver a consultar al backend" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1360 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1373 +msgid "Default: 5400" +msgstr "Predeterminado: 5400" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1379 +msgid "entry_cache_user_timeout (integer)" +msgstr "entry_cache_user_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1382 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" +"Cuantos segundos debería nss_sss considerar las entradas de usuario válidas " +"antes de preguntar al punto final otra vez." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1386 sssd.conf.5.xml:1399 sssd.conf.5.xml:1412 +#: sssd.conf.5.xml:1425 sssd.conf.5.xml:1438 sssd.conf.5.xml:1452 +#: sssd.conf.5.xml:1466 +msgid "Default: entry_cache_timeout" +msgstr "Por defecto: entry_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1392 +msgid "entry_cache_group_timeout (integer)" +msgstr "entry_cache_group_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1395 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" +"Cuantos segundos debería nss_sss considerar las entradas de grupo válidas " +"antes de preguntar al punto final otra vez." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1405 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "entry_cache_netgroup_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1408 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" +"Cuantos segundos debería nss_sss considerar las entradas de grupo de red " +"válidas antes de preguntar al punto final otra vez." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1418 +msgid "entry_cache_service_timeout (integer)" +msgstr "entry_cache_service_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1421 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" +"Cuantos segundos debería nss_sss considerar las entradas de servicio válidas " +"antes de preguntar al punto final otra vez." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1431 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "entry_cache_sudo_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" +"Cuantos segundos debería considerar las regulas sudo válidas antes de " +"preguntar al backend otra vez." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1444 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "entry_cache_autofs_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1447 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" +"Cuantos segundos deberá considerar el servicio autofs los mapas de " +"automontaje válidos antes de preguntar al punto final otra vez." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1458 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1472 +msgid "refresh_expired_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1475 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1480 +msgid "" +"The background refresh will process users, groups and netgroups in the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1484 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1488 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227 +msgid "Default: 0 (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1494 +msgid "cache_credentials (bool)" +msgstr "cache_credentials (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1497 +msgid "Determines if user credentials are also cached in the local LDB cache" +msgstr "" +"Determina si las credenciales del usuario están también escondidas en el " +"cache LDB local" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1501 +msgid "User credentials are stored in a SHA512 hash, not in plaintext" +msgstr "" +"Las credenciales de usuario son almacenadas en un hash SHA512, no en texto " +"plano" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1511 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1514 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1521 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1526 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1532 +msgid "account_cache_expiration (integer)" +msgstr "account_cache_expiration (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1535 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" +"Entradas de números de días que son dejadas en el cache después del último " +"login con éxito antes de ser borrado durante la limpieza de la cache. 0 " +"significa mantener para siempre. El valor de este parámetro debe ser más " +"grande o igual que offline_credentials_expiration." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1542 +msgid "Default: 0 (unlimited)" +msgstr "Predeterminado: 0 (ilimitado)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1547 +msgid "pwd_expiration_warning (integer)" +msgstr "pwd_expiration_warning (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1558 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" +"Por favor advierta que el servidor de backend tiene que suministrar " +"información sobre la hora expiración de la contraseña. Si esta información " +"está desaparecida, sssd no puede mostrar un aviso. También se tiene que " +"configurar un proveedor de autorización para el backend." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1565 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "Por defecto: 7 (Kerberos), 0 (LDAP)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1571 +msgid "id_provider (string)" +msgstr "id_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1574 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" +"El proveedor de identificación usado por el dominio. Los proveedores de ID " +"soportados son:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1578 +msgid "<quote>proxy</quote>: Support a legacy NSS provider" +msgstr "<quote>proxy</quote>: Soporta un proveedor NSS legado" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1581 sssd.conf.5.xml:1718 +msgid "<quote>local</quote>: SSSD internal provider for local users" +msgstr "<quote>local</quote>: Proveedor interno SSSD para usuarios locales" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1585 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" +"<quote>ldap</quote>: Proveedor LDAP. Vea <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> para más " +"información sobre la configuración de LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1593 sssd.conf.5.xml:1698 sssd.conf.5.xml:1753 +#: sssd.conf.5.xml:1806 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"FreeIPA." +msgstr "" +"<quote>ipa</quote>: Proveedor FreeIPA y Red Hat Enterprise Identity " +"Management. Vea <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> para más información sobre la " +"configuración de FreeIPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 sssd.conf.5.xml:1707 sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1815 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" +"<quote>ad</quote>: Proveedor Active Directory. Vea <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> para más información sobre la configuración de Active " +"Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "use_fully_qualified_names (bool)" +msgstr "use_fully_qualified_names (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" +"Utiliza el nombre completo y el dominio (formateado en el formato " +"nombre_completo de dominio) como el nombre de acceso del usuario reportado a " +"NSS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1621 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" +"Si es TRUE, todas las peticiones a este dominio deben usar nombres " +"totalmente cualificados. Por ejemplo, si se usa en el dominio LOCAL que " +"contiene un usuario “test”, <command>getent passwd test</command> no " +"encontraría al usuario mientras que <command>getent passwd test@LOCAL</" +"command> lo haría." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1629 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1636 +msgid "Default: FALSE (TRUE if default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1642 +msgid "ignore_group_members (bool)" +msgstr "ignore_group_members (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "Do not return group members for group lookups." +msgstr "No devuelve miembros de grupo para búsquedas de grupo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1648 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1666 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1677 +msgid "auth_provider (string)" +msgstr "auth_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1680 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" +"El proveedor de autenticación usado por el dominio. Los proveedores de " +"autenticación soportados son:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 sssd.conf.5.xml:1746 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> para autenticación nativa LDAP. Vea <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> para más información sobre la configuración LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1691 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> para autenticación Kerberos. Vea <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> para más información sobre la configuración de Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1715 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" +"<quote>proxy</quote> para la reinstalación de la autenticación a algún otro " +"objetivo PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1722 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "<quote>none</quote> deshabilita la autenticación explícitamente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1725 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" +"Por defecto: <quote>id_provider</quote> se usa si se ha fijado y puede " +"manejar las peticiones de autenticación." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1731 +msgid "access_provider (string)" +msgstr "access_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1734 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" +"El proveedor de control de acceso usado por el dominio. Hay dos provedores " +"de acceso integrados (además de cualquiera instalado en los finales). Los " +"proveedores especiales internos son:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1740 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" +"<quote>permit</quote> siempre permite el acceso. Es el proveedor de acceso " +"sólo permitido para un dominio local." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1743 +msgid "<quote>deny</quote> always deny access." +msgstr "<quote>deny</quote> siempre niega el acceso." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1770 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" +"<quote>simple</quote> control de acceso basado en listas de acceso o " +"denegación. Vea <citerefentry> <refentrytitle>sssd-simple</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> para más información sobre la " +"configuración del módulo de acceso sencillo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1777 +msgid "Default: <quote>permit</quote>" +msgstr "Predeterminado: <quote>permit</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1782 +msgid "chpass_provider (string)" +msgstr "chpass_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1785 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" +"El proveedor que debería manejar las operaciones de cambio de password para " +"el dominio. Los proveedores de cambio de passweord soportados son:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1790 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> para cambiar una contraseña almacenada en un servidor " +"LDAP. Vea <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> para más información sobre " +"configurar LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1798 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> para cambiar una contraseña Kerberos. Vea <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> para más información sobre configurar Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1823 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" +"<quote>proxy</quote> para la reinstalación de cambios de password en algunos " +"otros objetivos PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1827 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "" +"<quote>none</quote> deniega explícitamente los cambios en la contraseña." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1830 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" +"Por defecto: <quote>auth_provider</quote> se utiliza si se ha fijado y se " +"puede manejar las peticiones de cambio de password." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1837 +msgid "sudo_provider (string)" +msgstr "sudo_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1840 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" +"El proveedor SUDO usado por el dominio. Los proveedores SUDO soportados son:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1844 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> para reglas almacenadas en LDAP. Vea <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> para más información sobre la configuración LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1852 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1856 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1860 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "<quote>none</quote>deshabilita SUDO explícitamente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1863 sssd.conf.5.xml:1941 sssd.conf.5.xml:1982 +#: sssd.conf.5.xml:2007 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" +"Por defecto: el valor de <quote>id_provider</quote> se usa si está fijado." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1867 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1884 +msgid "selinux_provider (string)" +msgstr "selinux_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1887 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" +"El proveedor que manejaría la carga de los ajustes selinux. Advierta que " +"este proveedor será llamado justo después de que el proveedor de acceso " +"finalice. Los proveedores selinux soportados son:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1893 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> para cargar ajustes selinux desde un servidor IPA. Vea " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> para más información sobre la configuración de " +"IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1901 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" +"<quote>none</quote> deshabilita ir a buscar los ajustes selinux " +"explícitamente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1904 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" +"Por defecto: <quote>id_provider</quote> se usa si está fijado y puede " +"manejar las peticiones de carga selinux." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1910 +msgid "subdomains_provider (string)" +msgstr "subdomains_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1913 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" +"El proveedor que debería manejar el atractivo de subdominios. Este valor " +"debería ser siempre el mismo que id_provider. Los proveedores de subdominio " +"soportados son:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1919 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> para cargar una lista de subdominios desde un servidor " +"IPA. Vea <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> para más información sobre la " +"configuración de IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1928 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1937 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" +"<quote>none</quote> deshabilita el buscador de subdominios explícitamente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1948 +msgid "autofs_provider (string)" +msgstr "autofs_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1951 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" +"El proveedor autofs usado por el dominio. Los proveedores autofs soportados " +"son:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1955 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> para cargar mapas almacenados en LDAP. Vea " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> para más información sobre la configuración de " +"LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> para cargar mapas almacenados en un servidor IPA. Vea " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> para más información sobre la configuración de " +"IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1970 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote> to load maps stored in an IPA server. See " +#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> for more information on configuring IPA." +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" +"<quote>ipa</quote> para cargar mapas almacenados en un servidor IPA. Vea " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> para más información sobre la configuración de " +"IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1979 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "<quote>none</quote> deshabilita autofs explícitamente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1989 +msgid "hostid_provider (string)" +msgstr "hostid_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1992 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" +"El proveedor usado para recuperar información de identidad de host. Los " +"proveedores de hostid soportados son:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1996 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> para cargar la identidad del equipo almacenada en un " +"servidor IPA. Vea <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> para más información sobre la " +"configuración de IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2004 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "<quote>none</quote> deshabilita hostid explícitamente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2017 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +"P<name>[^@\\\\]+)$))</quote> which allows three different styles for " +"user names:" +msgstr "" +"Por defecto para el proveedor AD e IPA: <quote>(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +"P<name>[^@\\\\]+)$))</quote> que permite tres estilos diferentes de " +"nombres de usuario:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2031 +msgid "username" +msgstr "nombre de usuario" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2034 +msgid "username@domain.name" +msgstr "username@domain.name" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "domain\\username" +msgstr "dominio/nombre_de_usuario" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" +"Mientras los primeros dos corresponden al valor por defecto general el " +"tercero se introduce para permitir una fácil integración de usuarios desde " +"dominios Windows." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2045 +msgid "" +"Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +"which translates to \"the name is everything up to the <quote>@</quote> " +"sign, the domain everything after that\"" +msgstr "" +"Predeterminado: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</" +"quote> que traduce al \"todo lo que hay hasta el signo <quote>@</quote> es " +"el nombre, el dominio es el resto detrás de este signo\"" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2051 +msgid "" +"PLEASE NOTE: the support for non-unique named subpatterns is not available " +"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " +"version 7 or higher can support non-unique named subpatterns." +msgstr "" +"POR FAVOR ADVIERTA: el soporte para subplantillas sin nombre único no está " +"disponible en todas las plataformas (por ejemplo, RHEL5 y SLES10). Sólo las " +"plataformas con la versión de libpcre 7 o superior pueden soportar las " +"subplantillas sin nombre único." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2058 +msgid "" +"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" +"P<name>) to label subpatterns." +msgstr "" +"POR FAVOR TENGA EN CUENTA ADEMAS: Versiones anteriores de libpcre sólo " +"soportan la sintaxis Python (?P<name>) para identificar subpatrones." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2105 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "Predeterminado: <quote>%1$s@%2$s</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2111 +msgid "lookup_family_order (string)" +msgstr "lookup_family_order (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2114 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" +"Suministra la capacidad para seleccionar la familia de dirección preferente " +"a usar cuando se lleven a cabo búsquedas DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2118 +msgid "Supported values:" +msgstr "Valores soportados:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2121 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "ipv4_first: Intenta buscar dirección IPv4, si falla, intenta IPv6" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2124 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "ipv4_only: Sólo intenta resolver nombres de host a direccones IPv4." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2127 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "ipv6_first: Intenta buscar dirección IPv6, si falla, intenta IPv4" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2130 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "ipv6_only: Sólo intenta resolver nombres de host a direccones IPv6." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2133 +msgid "Default: ipv4_first" +msgstr "Predeterminado: ipv4_first" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2139 +msgid "dns_resolver_timeout (integer)" +msgstr "dns_resolver_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2142 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the DNS " +"resolver before assuming that it is unreachable. If this timeout is reached, " +"the domain will continue to operate in offline mode." +msgstr "" +"Define la cantidad de tiempo (en segundos) para esperar una respuesta desde " +"el DNS antes de asumir que es inalcanzable. Si se alcanza este tiempo de " +"espera, el dominio continuará operativo en modo fuera de línea." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2148 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263 +#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248 +msgid "Default: 6" +msgstr "Predeterminado: 6" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2154 +msgid "dns_discovery_domain (string)" +msgstr "dns_discovery_domain (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2157 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" +"Si el descubridor de servicio se usa en el punto final, especifica la parte " +"de dominio de la pregunta al descubridor de servicio DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2161 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" +"Predeterminado: Utilizar la parte del dominio del nombre de host del equipo" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2167 +msgid "override_gid (integer)" +msgstr "override_gid (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2170 +msgid "Override the primary GID value with the one specified." +msgstr "Anula el valor primario GID con el especificado." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2176 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2184 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2187 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2193 +msgid "False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2195 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2199 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2202 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2179 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2214 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2220 +msgid "proxy_fast_alias (boolean)" +msgstr "proxy_fast_alias (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2223 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" +"Cuando un usuario o grupo es buscado por nombre en el proveedor proxy, una " +"segunda búsqueda por ID es llevada a cabo para “estandarizar” el nombre en " +"el caso de que el nombre pedido fuera un alias. Fijando esta opción a true " +"se causaría que SSSD lleve a cabo una búsqueda de ID desde el escondrijo por " +"razones de rendimiento." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2237 +msgid "subdomain_homedir (string)" +msgstr "subdomain_homedir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2248 +msgid "%F" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2249 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2240 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2254 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" +"Este valor puede ser anulado por la opción <emphasis>override_homedir</" +"emphasis>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2258 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "Por defecto: <filename>/home/%d/%u</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2263 +msgid "realmd_tags (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2266 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2272 +#, fuzzy +#| msgid "memcache_timeout (int)" +msgid "cached_auth_timeout (int)" +msgstr "memcache_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2275 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2281 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2285 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1230 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Estas opciones de configuración pueden estar presentes en la sección " +"configuración de dominio, esto es, en una sección llamada <quote>[domain/" +"<replaceable>NAME</replaceable>]</quote> <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2303 +msgid "proxy_pam_target (string)" +msgstr "proxy_pam_target (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2306 +msgid "The proxy target PAM proxies to." +msgstr "El proxy de destino PAM próximo a." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2309 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here." +msgstr "" +"Por defecto: no se fija por defecto, usted tiene que coger una configuración " +"pam existente o crear una nueva y añadir el nombre de servicio aquí." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2317 +msgid "proxy_lib_name (string)" +msgstr "proxy_lib_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2320 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" +"El nombre de la librería NSS para usar en los dominios proxy. Las funciones " +"NSS buscadas dentro de la librería están el formato de _nss_$(libName)_" +"$(function), por ejemplo _nss_files_getpwent." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2299 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" id=" +"\"0\"/>" +msgstr "" +"Opciones válidas para dominios proxy. <placeholder type=\"variablelist\" id=" +"\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2332 +msgid "The local domain section" +msgstr "La sección de dominio local" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2334 +msgid "" +"This section contains settings for domain that stores users and groups in " +"SSSD native database, that is, a domain that uses " +"<replaceable>id_provider=local</replaceable>." +msgstr "" +"Esta sección contiene la configuración para dominio que almacena los " +"usuarios y grupos en la base de datos SSSD nativa, es decir, un dominio que " +"utiliza <replaceable>id_provider=local</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2341 +msgid "default_shell (string)" +msgstr "default_shell (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2344 +msgid "The default shell for users created with SSSD userspace tools." +msgstr "" +"El shell predeterminado para los usuarios creados con herramientas de " +"espacio de usuario SSSD." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2348 +msgid "Default: <filename>/bin/bash</filename>" +msgstr "Predeterminado: <filename>/bin/bash</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2353 +msgid "base_directory (string)" +msgstr "base_directory (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2356 +msgid "" +"The tools append the login name to <replaceable>base_directory</replaceable> " +"and use that as the home directory." +msgstr "" +"Las herramientas anexan el nombre de inicio de sesión para " +"<replaceable>base_directory</replaceable> y utilizan éste como el directorio " +"de inicio." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2361 +msgid "Default: <filename>/home</filename>" +msgstr "Predeterminado: <filename>/home</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2366 +msgid "create_homedir (bool)" +msgstr "create_homedir (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2369 +msgid "" +"Indicate if a home directory should be created by default for new users. " +"Can be overridden on command line." +msgstr "" +"Indica si se creará un directorio home por defecto para los nuevos usuarios. " +"Puede ser anulado desde la línea de comando." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2373 sssd.conf.5.xml:2385 +msgid "Default: TRUE" +msgstr "Predeterminado: TRUE" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2378 +msgid "remove_homedir (bool)" +msgstr "remove_homedir (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2381 +msgid "" +"Indicate if a home directory should be removed by default for deleted " +"users. Can be overridden on command line." +msgstr "" +"Indica si el directorio home será borrado por defecto para los usuarios " +"borrados. Puede ser anulado desde la línea de comando." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2390 +msgid "homedir_umask (integer)" +msgstr "homedir_umask (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2393 +msgid "" +"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " +"on a newly created home directory." +msgstr "" +"Utilizado por <citerefentry><refentrytitle>sss_useradd</refentrytitle> " +"<manvolnum>8</manvolnum></citerefentry> para especificar los permisos " +"predeterminados en un directorio de inicio recién creado." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2401 +msgid "Default: 077" +msgstr "Predeterminado: 077" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2406 +msgid "skel_dir (string)" +msgstr "skel_dir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2409 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>" +msgstr "" +"El directorio esqueleto, el cual contiene archivos y directorios a copiarse " +"en el directorio principal del usuario, cuando se crea el directorio " +"principal de <citerefentry><refentrytitle>sss_useradd</refentrytitle> " +"<manvolnum>8</manvolnum></citerefentry>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2419 +msgid "Default: <filename>/etc/skel</filename>" +msgstr "Predeterminado: <filename>/etc/skel</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2424 +msgid "mail_dir (string)" +msgstr "mail_dir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2427 +msgid "" +"The mail spool directory. This is needed to manipulate the mailbox when its " +"corresponding user account is modified or deleted. If not specified, a " +"default value is used." +msgstr "" +"El directorio carreta de correo. Es necesario para manipular el buzón de " +"correo cuando la cuenta de usuario correspondiente es modificada o borrada. " +"Si no se especifica, se utiliza un valor por defecto." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2434 +msgid "Default: <filename>/var/mail</filename>" +msgstr "Predeterminado: <filename>/var/mail</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2439 +msgid "userdel_cmd (string)" +msgstr "userdel_cmd (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2442 +msgid "" +"The command that is run after a user is removed. The command us passed the " +"username of the user being removed as the first and only parameter. The " +"return code of the command is not taken into account." +msgstr "" +"El comando que está corriendo después de que un usuario es borrado. El " +"comando us para el nombre de usuario que está siendo borrado como primer y " +"único parámetro. El código de retorno del comando no es tenido en cuenta." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2448 +msgid "Default: None, no command is run" +msgstr "Predeterminado: None, no se ejecuta comando" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2458 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131 +#: sssd-ipa.5.xml:717 sssd-ad.5.xml:955 sssd-krb5.5.xml:564 +#: sss_rpcidmapd.5.xml:98 +msgid "EXAMPLE" +msgstr "EJEMPLO" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:2464 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2460 +msgid "" +"The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" +"El siguiente ejemplo muestra una configuración SSSD típica. No describe la " +"configuración de los dominios en si mismos – vea la documentación sobre la " +"configuración de dominios para más detalles. <placeholder type=" +"\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "sssd-ldap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" +"Esta página de manual describe la configuración de dominios LDAP para " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Vea la sección <quote>FILE FORMAT</quote> de la página de " +"manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> para información detallada de la sintáxis." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "Puede configurar SSSD para usar más de un dominio LDAP." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. If the LDAP server is used only as an identity " +"provider, an encrypted channel is not needed. Please refer to " +"<quote>ldap_access_filter</quote> config option for more information about " +"using LDAP as an access provider." +msgstr "" +"El punto final de LDAP soporta proveedores de id, auth, acceso y chpass. Si " +"usted desea autenticarse contra un servidor LDAP se requiere bien TLS/SSL o " +"LDAPS. <command>sssd</command> <emphasis>no</emphasis> soporta autenticación " +"sobre un canal no esncriptado. Si el servidor LDAP se usa sólo como un " +"proveedor de identidad, no se necesita un canal encriptado. Por favor vea la " +"opción de configuración <quote>ldap_access_filter</quote> para más " +"información sobre la utilización de LDAP como proveedor de acceso." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 +msgid "CONFIGURATION OPTIONS" +msgstr "OPCIONES DE CONFIGURACIÓN" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:60 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "ldap_uri, ldap_backup_uri (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:63 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" +"Especifica una lista separada por comas de URIs del servidor LDAP al que " +"SSSD se conectaría en orden de preferencia. Vea la sección " +"<quote>CONMUTACIÓN EN ERROR</quote> para más información sobre la " +"conmutación en error y la redundancia de servidor. Si no hay opción " +"especificada, se habilita el descubridor de servicio. Para más información, " +"vea la sección <quote>DESCUBRIDOR DE SERVICIOS</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" +"El formato de la URI debe coincidir con el formato definido en RFC 2732:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:73 +msgid "ldap[s]://<host>[:port]" +msgstr "ldap[s]://<host>[:port]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:76 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" +"Para direcciones IPv6 explícitas, <host> debe estar entre corchetes []" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:79 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "ejemplo: ldap://[fc00::126:25]:389" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:85 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:88 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" +"Especifica la lista separada por comas de URIs de los servidores LDAP a los " +"que SSSD se conectaría con el objetivo preferente de cambiar la contraseña " +"de un usuario. Vea la sección <quote>FAILOVER</quote> para más información " +"sobre failover y redundancia de servidor." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" +"Para habilitar el servicio descubrimiento ldap_chpass_dns_service_name debe " +"ser establecido." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:99 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "Por defecto: vacio, esto es ldap_uri se está usando." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:105 +msgid "ldap_search_base (string)" +msgstr "ldap_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:108 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" +"El DN base por defecto que se usará para realizar operaciones LDAP de " +"usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:112 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" +"Desde SSSD 1.7.0, SSSD soporta múltiples bases de búsqueda usando la " +"sintaxis:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:116 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "El alcance puede ser uno de “base”, “onlevel” o “subtree”." + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" +"El filtro debe ser un filtro de búsqueda LDAP válido como se especifica en " +"http://www.ietf.org/rfc/rfc2254.txt" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220 +#: sss_override.8.xml:135 sss_override.8.xml:232 +msgid "Examples:" +msgstr "Ejemplos:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:129 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" +"ldap_search_base = dc=example,dc=com (que es equivalente a) ldap_search_base " +"= dc=example,dc=com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:134 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:137 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" +"Nota: No está soportado tener múltiples bases de búsqueda que se referencien " +"a objetos nombrados idénticamente (por ejemplo, grupos con el mismo nombre " +"en dos bases de búsqueda diferentes). Esto llevara a comportamientos " +"impredecibles sobre máquinas cliente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" +"Por defecto: no se fija, se usa el valor de los atributos " +"defaultNamingContext o namingContexts de RootDSE del servidor LDAP usado. " +"Si defaultNamingContext no existe o tiene un valor vacío se usa " +"namingContexts. El atributo namingContexts debe tener un único valor con el " +"DN de la base de búsqueda del servidor LDAP para hacer este trabajo. No se " +"soportan múltiples valores." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:158 +msgid "ldap_schema (string)" +msgstr "ldap_schema (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:161 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" +"Especifica el Tipo de Esquema en uso en el servidor LDAP objetivo. " +"Dependiendo del esquema seleccionado, los nombres de atributos por defecto " +"que se recuperan de los servidores pueden variar. La manera en que algunos " +"atributos son manejados puede también diferir." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "Four schema types are currently supported:" +msgstr "Cuatro tipos de esquema son actualmente soportados:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:172 +msgid "rfc2307" +msgstr "rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:177 +msgid "rfc2307bis" +msgstr "rfc2307bis" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:182 +msgid "IPA" +msgstr "IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:187 +msgid "AD" +msgstr "AD" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:193 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" +"La principal diferencia entre estos tipos de esquemas es como las " +"afiliaciones de grupo son grabadas en el servidor. Con rfc2307, los miembros " +"de grupos son listados por nombre en el atributo <emphasis>memberUid</" +"emphasis>. Con rfc2307bis e IPA, los miembros de grupo son listados por DN y " +"almacenados en el atributo <emphasis>member</emphasis>. El tipo de esquema " +"AD fija los atributos para corresponderse con los valores Active Directory " +"2008r2." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:203 +msgid "Default: rfc2307" +msgstr "Predeterminado: rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:209 +msgid "ldap_default_bind_dn (string)" +msgstr "ldap_default_bind_dn (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:212 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" +"El enlazador DN por defecto a usar para llevar a cabo operaciones LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:219 +msgid "ldap_default_authtok_type (string)" +msgstr "ldap_default_authtok_type (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:222 +msgid "The type of the authentication token of the default bind DN." +msgstr "El tipo de ficha de autenticación del enlazador DN por defecto." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:226 +msgid "The two mechanisms currently supported are:" +msgstr "Los dos mecanismos actualmente soportados son:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:229 +msgid "password" +msgstr "contraseña" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:232 +msgid "obfuscated_password" +msgstr "obfuscated_password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:235 +msgid "Default: password" +msgstr "Por defecto: contraseña" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:241 +msgid "ldap_default_authtok (string)" +msgstr "ldap_default_authtok (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:244 +msgid "" +"The authentication token of the default bind DN. Only clear text passwords " +"are currently supported." +msgstr "" +"La ficha de autenticación del enlazador DN por defecto. Sólo se soportan " +"actualmente password de texto claro." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:251 +msgid "ldap_user_object_class (string)" +msgstr "ldap_user_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:254 +msgid "The object class of a user entry in LDAP." +msgstr "La clase de objeto de una entrada de usuario en LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "Default: posixAccount" +msgstr "Predeterminado: posixAccount" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:263 +msgid "ldap_user_name (string)" +msgstr "ldap_user_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:266 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "" +"El atributo LDAP que corresponde al nombre de inicio de sesión del usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:270 +msgid "Default: uid" +msgstr "Predeterminado: uid" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:276 +msgid "ldap_user_uid_number (string)" +msgstr "ldap_user_uid_number (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:279 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "El atributo LDAP que corresponde al id de usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "Default: uidNumber" +msgstr "Predeterminado: uidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:289 +msgid "ldap_user_gid_number (string)" +msgstr "ldap_user_gid_number (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:292 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "El atributo LDAP que corresponde al id del grupo primario del usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:863 +msgid "Default: gidNumber" +msgstr "Predeterminado: gidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:302 +msgid "ldap_user_gecos (string)" +msgstr "ldap_user_gecos (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:305 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "El atributo LDAP que corresponde al campo de gecos del usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:309 +msgid "Default: gecos" +msgstr "Predeterminado: gecos" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:315 +msgid "ldap_user_home_directory (string)" +msgstr "ldap_user_home_directory (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:318 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" +"El atributo LDAP que contiene el nombre del directorio principal del usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "Default: homeDirectory" +msgstr "Predeterminado: homeDirectory" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:328 +msgid "ldap_user_shell (string)" +msgstr "ldap_user_shell (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:331 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" +"El atributo LDAP que contiene la ruta de acceso a la shell predeterminada " +"del usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:335 +msgid "Default: loginShell" +msgstr "Predeterminado: loginShell" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:341 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:344 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:889 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:355 +msgid "ldap_user_objectsid (string)" +msgstr "ldap_user_objectsid (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:358 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" +"El atributo LDAP que contiene el objectSID de un objeto usuario LDAP. Esto " +"es normalmente sólo necesario para servidores ActiveDirectory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:363 sssd-ldap.5.xml:904 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:370 +msgid "ldap_user_modify_timestamp (string)" +msgstr "ldap_user_modify_timestamp (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" +"El atributo LDAP que contiene la fecha y hora de la última modificación del " +"objeto primario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144 +msgid "Default: modifyTimestamp" +msgstr "Predeterminado: modifyTimestamp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:383 +msgid "ldap_user_shadow_last_change (string)" +msgstr "ldap_user_shadow_last_change (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" +"Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre " +"de un atributo LDAP correspondiente a su <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> homologo (fecha del último cambio de password)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:396 +msgid "Default: shadowLastChange" +msgstr "Predeterminado: shadowLastChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:402 +msgid "ldap_user_shadow_min (string)" +msgstr "ldap_user_shadow_min (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:405 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" +"Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre " +"de un atributo LDAP correspondiente a su <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> homologo (edad mínima del password)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: shadowMin" +msgstr "Predeterminado: shadowMin" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_user_shadow_max (string)" +msgstr "ldap_user_shadow_max (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" +"Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre " +"de un atributo LDAP correspondiente a su <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> homologo (edad máxima del password)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:432 +msgid "Default: shadowMax" +msgstr "Predeterminado: shadowMax" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:438 +msgid "ldap_user_shadow_warning (string)" +msgstr "ldap_user_shadow_warning (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:441 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" +"Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre " +"de un atributo LDAP correspondiente a su <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> homologo (período de aviso de password)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:451 +msgid "Default: shadowWarning" +msgstr "Predeterminado: shadowWarning" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:457 +msgid "ldap_user_shadow_inactive (string)" +msgstr "ldap_user_shadow_inactive (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:460 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" +"Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre " +"de un atributo LDAP correspondiente a su <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> homologo (período de inactividad de password)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:470 +msgid "Default: shadowInactive" +msgstr "Predeterminado: shadowInactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:476 +msgid "ldap_user_shadow_expire (string)" +msgstr "ldap_user_shadow_expire (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:479 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" +"Cuando se utiliza ldap_pwd_policy=shadow o " +"ldap_account_expire_policy=shadow, este parámetro contiene el nombre de un " +"atributo correspondiente con su <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> homólogo (fecha de " +"expiración de la cuenta)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:489 +msgid "Default: shadowExpire" +msgstr "Predeterminado: shadowExpire" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:495 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "ldap_user_krb_last_pwd_change (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:498 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" +"Cuando se utiliza ldap_pwd_policy=mit_kerberos, este parámetro contiene el " +"nombre de un atributo LDAP que almacena la fecha y la hora del último cambio " +"de password en kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "Default: krbLastPwdChange" +msgstr "Predeterminado: krbLastPwdChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:510 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "ldap_user_krb_password_expiration (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:513 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" +"Cuando se utiliza ldap_pwd_policy=mit_kerberos, este parámetro contiene el " +"nombre de un atributo LDAP que almacena la fecha y la hora en la que expira " +"el password actual." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:519 +msgid "Default: krbPasswordExpiration" +msgstr "Predeterminado: krbPasswordExpiration" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:525 +msgid "ldap_user_ad_account_expires (string)" +msgstr "ldap_user_ad_account_expires (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:528 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" +"Cuando se utiliza ldap_account_expire_policy=ad, este parámetro contiene el " +"nombre de un atributo LDAP que almacena el tiempo de expiración de la cuenta." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:533 +msgid "Default: accountExpires" +msgstr "Predeterminado: accountExpires" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:539 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "ldap_user_ad_user_account_control (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:542 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" +"Cuando se usa ldap_account_expire_policy=ad, este parámetro contiene el " +"nombre de un atributo LDAP que almacena el campo bit de control de la cuenta " +"de usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:547 +msgid "Default: userAccountControl" +msgstr "Predeterminado: userAccountControl" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:553 +msgid "ldap_ns_account_lock (string)" +msgstr "ldap_ns_account_lock (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:556 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" +"Cuando se usa ldap_account_expire_policy=rhds o esquivalente, este parámetro " +"determina si el acceso está permitido o no." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:561 +msgid "Default: nsAccountLock" +msgstr "Predeterminado: nsAccountLock" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:567 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "ldap_user_nds_login_disabled (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:570 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" +"Cuando se usa ldap_account_expire_policy=nds, este atributo determina si el " +"acceso está permitido o no." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:574 sssd-ldap.5.xml:588 +msgid "Default: loginDisabled" +msgstr "Predeterminado: loginDisabled" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:580 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "ldap_user_nds_login_expiration_time (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:583 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" +"Cuando se usa ldap_account_expire_policy=nds, este atributo determina hasta " +"que fecha se concede el acceso." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "ldap_user_nds_login_allowed_time_map (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" +"Cuando se utiliza ldap_account_expire_policy=nds, este atributo determina la " +"hora de un día en la semana cuando se concede el acceso." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:602 +msgid "Default: loginAllowedTimeMap" +msgstr "Predeterminado: loginAllowedTimeMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:608 +msgid "ldap_user_principal (string)" +msgstr "ldap_user_principal (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:611 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" +"El atributo LDAP que contiene le Nombre Principal de Usuario Kerberos (UPN) " +"del usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:615 +msgid "Default: krbPrincipalName" +msgstr "Predeterminado: krbPrincipalName" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:621 +msgid "ldap_user_extra_attrs (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:624 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:629 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:639 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:649 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:652 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:656 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:659 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:669 +msgid "ldap_user_ssh_public_key (string)" +msgstr "ldap_user_ssh_public_key (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:672 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "El atributo LDAP que contiene las claves públicas SSH del usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:676 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:682 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "ldap_force_upper_case_realm (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:685 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" +"Algunos servidores de directorio, por ejemplo Active Directory, pueden " +"entregar la parte real del UPN en minúsculas, lo que puede causar fallos de " +"autenticación. Fije esta opción en un valor distinto de cero si usted desea " +"usar mayúsculas reales." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:698 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "ldap_enumeration_refresh_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:701 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" +"Especifica cuantos segundos SSSD tiene que esperar antes de refrescar su " +"escondrijo de los registros enumerados." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:712 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "ldap_purge_cache_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:715 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" +"Determina la frecuencia de comprobación del cache para entradas inactivas " +"(como grupos sin miembros y usuarios que nunca han accedido) y borrarlos " +"para guardar espacio." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:721 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:736 +msgid "ldap_user_fullname (string)" +msgstr "ldap_user_fullname (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:739 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "El atributo LDAP que corresponde al nombre completo del usuario." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590 +msgid "Default: cn" +msgstr "Predeterminado: cn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:749 +msgid "ldap_user_member_of (string)" +msgstr "ldap_user_member_of (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:752 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "El atributo LDAP que lista los afiliación a grupo de usario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:756 +msgid "Default: memberOf" +msgstr "Predeterminado: memberOf" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:762 +msgid "ldap_user_authorized_service (string)" +msgstr "ldap_user_authorized_service (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:765 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" +"Si access_provider=ldap y ldap_access_order=authorized_service, SSSD " +"utilizará la presencia del atributo authorizedService en la entrada LDAP del " +"usuario para determinar el privilegio de acceso." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:772 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" +"Una denegación explícita (¡svc) se resuelve primero. Segundo, SSSD busca " +"permiso explícito (svc) y finalmente permitir todo (*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:777 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:784 +msgid "Default: authorizedService" +msgstr "Predeterminado: iluminada" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:790 +msgid "ldap_user_authorized_host (string)" +msgstr "ldap_user_authorized_host (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:793 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" +"Si access_provider=ldap y ldap_access_order=host, SSSD utilizará la " +"presencia del atributo host en la entrada LDAP del usuario para determinar " +"el privilegio de acceso." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:799 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" +"Una denegación explícita (¡host) se resuelve primero. Segundo, la búsqueda " +"SSSD para permiso explícito (host) y finalmente permitir todo (*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:811 +msgid "Default: host" +msgstr "Default: host" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:817 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:820 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:824 +msgid "Default: no set in the general case, userCertificate;binary for IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:831 +msgid "ldap_group_object_class (string)" +msgstr "ldap_group_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:834 +msgid "The object class of a group entry in LDAP." +msgstr "La clase de objeto de una entrada de grupo LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:837 +msgid "Default: posixGroup" +msgstr "Por defecto: posixGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:843 +msgid "ldap_group_name (string)" +msgstr "ldap_group_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:846 +msgid "The LDAP attribute that corresponds to the group name." +msgstr "El atributo LDAP que corresponde al nombre de grupo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:856 +msgid "ldap_group_gid_number (string)" +msgstr "ldap_group_gid_number (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:859 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "El atributo LDAP que corresponde al id del grupo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:869 +msgid "ldap_group_member (string)" +msgstr "ldap_group_member (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:872 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "El atributo LDAP que contiene los nombres de los miembros del grupo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:876 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "Valor predeterminado: memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:882 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:885 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:896 +msgid "ldap_group_objectsid (string)" +msgstr "ldap_group_objectsid (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:899 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" +"El atributo LDAP que contiene el objectSID de un objeto grupo LDAP. Esto es " +"normalmente sólo necesario para servidores ActiveDirectory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_group_modify_timestamp (string)" +msgstr "ldap_group_modify_timestamp (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:924 +msgid "ldap_group_type (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:927 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:938 +msgid "Default: groupType in the AD provider, othewise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:945 +#, fuzzy +#| msgid "ldap_group_member (string)" +msgid "ldap_group_external_member (string)" +msgstr "ldap_group_member (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:948 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:961 +msgid "ldap_group_nesting_level (integer)" +msgstr "ldap_group_nesting_level (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:964 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" +"Si ldap_schema está fijado en un formato de esquema que soporte los grupos " +"anidados (por ejemplo, RFC2307bis), entonces esta opción controla cuantos " +"niveles de anidamiento seguirá SSSD. Este opción no tiene efecto en el " +"esquema RFC2307." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:980 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:989 +msgid "Default: 2" +msgstr "Predeterminado: 2" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:995 +msgid "ldap_groups_use_matching_rule_in_chain" +msgstr "ldap_groups_use_matching_rule_in_chain" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:998 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which may speed up group lookup operations on deployments with " +"complex or deep nested groups." +msgstr "" +"Esta opción le dice a SSSD como tomar ventajar de una función específica de " +"Active Directory que puede acelerar las operaciones de búsqueda de grupo son " +"despliegues con grupos complejos o profundamente anidados." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1004 +msgid "" +"In most common cases, it is best to leave this option disabled. It generally " +"only provides a performance increase on very complex nestings." +msgstr "" +"En los casos más comunes, es mejor dejar esta opción deshabilitada. " +"Generalmente sólo suministra un incremento de rendimiento en anidamientos " +"muy complejos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036 +msgid "" +"If this option is enabled, SSSD will use it if it detects that the server " +"supports it during initial connection. So \"True\" here essentially means " +"\"auto-detect\"." +msgstr "" +"Si esta opción está habilitada, SSSD la usará si detecta que el servidor la " +"soporta durante la conexión inicial. De modo que “True” aquí significa " +"esencialmente “auto-detect”." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042 +msgid "" +"Note: This feature is currently known to work only with Active Directory " +"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" +"windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " +"for more details." +msgstr "" +"Nota: Esta función se sabe que actualmente trabajo sólo con Active Directory " +"2008 R1 y posteriores. Vea <ulink url=\"http://msdn.microsoft.com/en-us/" +"library/windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) " +"documentation</ulink> para más detalles." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048 sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866 include/ldap_id_mapping.xml:244 +msgid "Default: False" +msgstr "Por defecto: False" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1027 +msgid "ldap_initgroups_use_matching_rule_in_chain" +msgstr "ldap_initgroups_use_matching_rule_in_chain" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1030 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which might speed up initgroups operations (most notably when " +"dealing with complex or deep nested groups)." +msgstr "" +"Esta opción le dice a SSSD que tome ventaja de una función específica de " +"Active Directory que puede acelerar las operaciones de inicio de grupo (más " +"notable cuando se trata con grupos complejos o profundamente anidados)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1057 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1062 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1068 +msgid "ldap_netgroup_object_class (string)" +msgstr "ldap_netgroup_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1071 +msgid "The object class of a netgroup entry in LDAP." +msgstr "La clase de objeto de una entrada netgroup en LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1074 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "En proveedor IPA, ipa_netgroup_object_class, se usaría en su lugar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1078 +msgid "Default: nisNetgroup" +msgstr "Predeterminado: nisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1084 +msgid "ldap_netgroup_name (string)" +msgstr "ldap_netgroup_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1087 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "El atributo LDAP que corresponde al nombre del netgroup." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "Un proveedor IPA, ipa_netgroup_name sería usado en su lugar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1101 +msgid "ldap_netgroup_member (string)" +msgstr "ldap_netgroup_member (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1104 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "" +"El atributo LDAP que contiene los nombres de los miembros de grupo de red." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1108 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "Un proveedor IPA, ipa_netgroup_member sería usado en su lugar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "Default: memberNisNetgroup" +msgstr "Predeterminado: memberNisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1118 +msgid "ldap_netgroup_triple (string)" +msgstr "ldap_netgroup_triple (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1121 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" +"El atributo LDAP que contiene los (host, usuario, dominio) triples de grupo " +"de red." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141 +msgid "This option is not available in IPA provider." +msgstr "Esta opción no está disponible en el proveedor IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1128 +msgid "Default: nisNetgroupTriple" +msgstr "Predeterminado: nisNetgroupTriple" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1134 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "ldap_netgroup_modify_timestamp (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1150 +msgid "ldap_service_object_class (string)" +msgstr "ldap_service_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1153 +msgid "The object class of a service entry in LDAP." +msgstr "La clase objeto de una entrada de servicio en LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1156 +msgid "Default: ipService" +msgstr "Por defecto: ipService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1162 +msgid "ldap_service_name (string)" +msgstr "ldap_service_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1165 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" +"El atributo LDAP que contiene el nombre de servicio de atributos y sus alias." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1175 +msgid "ldap_service_port (string)" +msgstr "ldap_service_port (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1178 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "El atributo LDAP que contiene el puerto manejado por este servicio." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1182 +msgid "Default: ipServicePort" +msgstr "Por defecto: ipServicePort" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1188 +msgid "ldap_service_proto (string)" +msgstr "ldap_service_proto (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1191 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" +"El atributo LDAP que contiene los protocolos entendidos por este servicio." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "Default: ipServiceProtocol" +msgstr "Por defecto: ipServiceProtocol" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1201 +msgid "ldap_service_search_base (string)" +msgstr "ldap_service_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1206 +msgid "ldap_search_timeout (integer)" +msgstr "ldap_search_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1209 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" +"Especifica el tiempo de salida (en segundos) que la búsqueda ldap está " +"permitida para correr antes que de quea cancelada y los resultados " +"escondidos devueltos (y se entra en modo fuera de línea)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1215 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" +"Nota: esta opción será sujeto de cambios en las futuras versiones del SSSD. " +"Probablemente será sustituido en algunos puntos por una serie de tiempos de " +"espera para tipos específicos de búsqueda." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1227 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "ldap_enumeration_search_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1230 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" +"Especifica el tiempo de espera (en segundos) en los que las búsquedas ldap " +"de enumeraciones de usuario y grupo están permitidas de correr antes de que " +"sean canceladas y devueltos los resultados escondidos (y se entra en modo " +"fuera de línea)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1243 +msgid "ldap_network_timeout (integer)" +msgstr "ldap_network_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1246 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" +"Especifica el tiempo de salida (en segudos) después del cual <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> siguiendo un <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> vuelve en caso de no actividad." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1269 +msgid "ldap_opt_timeout (integer)" +msgstr "ldap_opt_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1287 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "ldap_connection_expire_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1290 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" +"Especifica un tiempo de espera (en segundos) en el que se mantendrá una " +"conexión a un servidor LDAP. Después de este tiempo, la conexión será " +"restablecida. Si su usa en paralelo con SASL/GSSAPI, se usará el valor más " +"temprano (este valor contra el tiempo de vida TGT)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367 +msgid "Default: 900 (15 minutes)" +msgstr "Predeterminado: 900 (15 minutos)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1304 +msgid "ldap_page_size (integer)" +msgstr "ldap_page_size (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1307 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" +"Especifica el número de registros a recuperar desde una única petición LDAP. " +"Algunos servidores LDAP hacen cumplir un límite máximo por petición." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1312 +msgid "Default: 1000" +msgstr "Predeterminado: 1000" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1318 +msgid "ldap_disable_paging (boolean)" +msgstr "ldap_disable_paging (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1321 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" +"Deshabilita el control de paginación LDAP. Esta opción se debería usar si el " +"servidor LDAP reporta que soporta el control de paginación LDAP en sus " +"RootDSE pero no está habilitado o no se comporta apropiadamente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1327 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" +"Ejemplo: los servidores OpenLDAP con el módulo de control de paginación " +"instalado sobre el servidor pero no habilitado lo reportarán en el RootDSE " +"pero es incapaz de usarlo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1333 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" +"Ejemplo: 389 DS tiene un bug donde puede sólo soportar un control de " +"paginación a la vez en una única conexión. Sobre clientes ocupados, esto " +"puede ocasionar que algunas peticiones sean denegadas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1345 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1348 +msgid "Disable Active Directory range retrieval." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1351 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1366 +msgid "ldap_sasl_minssf (integer)" +msgstr "ldap_sasl_minssf (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1369 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" +"Cuando se está comunicando con un servidor LDAP usando SASL, especifica el " +"nivel de seguridad mínimo necesario para establecer la conexión. Los valores " +"de esta opción son definidos por OpenLDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1375 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" +"Por defecto: Usa el sistema por defecto (normalmente especificado por ldap." +"conf)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1382 +msgid "ldap_deref_threshold (integer)" +msgstr "ldap_deref_threshold (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" +"Especifica el número de miembros del grupo que deben estar desaparecidos " +"desde el escondrijo interno con el objetivo de disparar una búsqueda " +"deference. Si hay menos miembros desaparecidos, se buscarán individualmente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1391 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" +"Usted puede quitar las búsquedas dereference completamente fijando el valor " +"a 0." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1395 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" +"Una búsqueda dereference es un medio de descargar todos los miembros del " +"grupo en una única llamada LDAP. Servidores diferentes LDAP pueden " +"implementar diferentes métodos dereference. Los servidores actualmente " +"soportados son 389/RHDS, OpenLDAP y Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1403 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" +"<emphasis>Nota:</emphasis> Si alguna de las bases de búsqueda especifica un " +"filtro de búsqueda, la mejora del rendimiento de la búsqueda dereference " +"será deshabilitado sin tener en cuenta este ajuste." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1416 +msgid "ldap_tls_reqcert (string)" +msgstr "ldap_tls_reqcert (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1419 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" +"Especifica que comprobaciones llevar a cabo sobre los certificados del " +"servidor en una sesión TLS, si las hay. Puede ser especificado como uno de " +"los siguientes valores:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1425 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" +"<emphasis>never</emphasis> = El cliente no pedirá o comprobará ningún " +"certificado de servidor." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1429 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" +"<emphasis>allow</emphasis> = Se pide el certificado del servidor. Si no se " +"suministra certificado, la sesión sigue normalmente. Si se suministra un " +"certificado malo, será ignorado y la sesión continua normalmente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1436 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" +"<emphasis>try</emphasis> = Se pide el certificado del servidor. Si no se " +"suministra certificado, la sesión continua normalmente. Si se suministra un " +"certificado malo, la sesión se termina inmediatamente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1442 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" +"<emphasis>demand</emphasis> = Se pide el certificado del servidor. Si no se " +"suministra certificado, o se suministra un certificado malo, la sesión se " +"termina inmediatamente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1448 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1452 +msgid "Default: hard" +msgstr "Predeterminado: hard" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1458 +msgid "ldap_tls_cacert (string)" +msgstr "ldap_tls_cacert (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1461 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" +"Especifica el fichero que contiene los certificados de todas las Autoridades " +"de Certificación que <command>sssd</command> reconocerá." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" +"Por defecto: use los valores por defecto OpenLDAP, normalmente en <filename>/" +"etc/openldap/ldap.conf</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1473 +msgid "ldap_tls_cacertdir (string)" +msgstr "ldap_tls_cacertdir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1476 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" +"Especifica la ruta de un directorio que contiene los certificados de las " +"Autoridades de Certificación en ficheros individuales separados. Normalmente " +"los nombres de fichero necesita ser el hash del certificado seguido por " +"‘.0’. si esta disponible <command>cacertdir_rehash</command> puede ser usado " +"para crear los nombres correctos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1491 +msgid "ldap_tls_cert (string)" +msgstr "ldap_tls_cert (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" +"Especifica el fichero que contiene el certificado para la clave del cliente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1504 +msgid "ldap_tls_key (string)" +msgstr "ldap_tls_key (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "Specifies the file that contains the client's key." +msgstr "Especifica el archivo que contiene la clave del cliente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1516 +msgid "ldap_tls_cipher_suite (string)" +msgstr "ldap_tls_cipher_suite (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1519 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1532 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "ldap_id_use_start_tls (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1535 +msgid "" +"Specifies that the id_provider connection must also use <systemitem class=" +"\"protocol\">tls</systemitem> to protect the channel." +msgstr "" +"Especifica que la id_de proveedor de la conexión debe también utilizar " +"<systemitem class=\"protocol\">tls</systemitem> para proteger el canal." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1545 +msgid "ldap_id_mapping (boolean)" +msgstr "ldap_id_mapping (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1548 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" +"Especifica que SSSD intentaría mapear las IDs de usuario y grupo desde los " +"atributos ldap_user_objectsid y ldap_group_objectsid en lugar de apoyarse en " +"ldap_user_uid_number y ldap_group_gid_number." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" +"Actualmente está función soporta sólo mapeos de objectSID de ActiveDirectory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1564 +msgid "ldap_min_id, ldap_max_id (interger)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1567 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1579 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1585 +msgid "ldap_sasl_mech (string)" +msgstr "ldap_sasl_mech (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1588 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI is tested and " +"supported." +msgstr "" +"Especifica el mecanismo SASL a emplear. Actualmente sólo GSSAPI está " +"probado y soportado." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1598 +msgid "ldap_sasl_authid (string)" +msgstr "ldap_sasl_authid (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1601 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI is used, this " +"represents the Kerberos principal used for authentication to the directory. " +"This option can either contain the full principal (for example host/" +"myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." +msgstr "" +"Especifica la id de autorización SASL a usar. Cuando se usa GSSAPI, esto " +"representa el Kerberos principal usado para autenticación al directorio. " +"Esta opción puede contener el principal completo (por ejemplo host/" +"myhost@EXAMPLE.COM) o sólo en nombre principal (por ejemplo host/myhost)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1609 +msgid "Default: host/hostname@REALM" +msgstr "Por defecto: host/nombre_de_host@REALM" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1615 +msgid "ldap_sasl_realm (string)" +msgstr "ldap_sasl_realm (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" +"Especifica el reino SASL a usar. Cuando no se especifica, esta opción se " +"pone por defecto al valor de krb5_realm. Si ldap_sasl_authid contiene el " +"reino también, esta opción se ignora." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1624 +msgid "Default: the value of krb5_realm." +msgstr "Por defecto: el valor de krb5_realm." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1630 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "ldap_sasl_canonicalize (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1633 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" +"Si se fija en true, la librería LDAP llevaría a cabo una búsqueda inversa " +"para para canocalizar el nombre de host durante una unión SASL." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1638 +msgid "Default: false;" +msgstr "Predeterminado: false;" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1644 +msgid "ldap_krb5_keytab (string)" +msgstr "ldap_krb5_keytab (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "Specify the keytab to use when using SASL/GSSAPI." +msgstr "Especifica la keytab a usar cuando se utilice SASL/GSSAPI." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" +"Por defecto: Keytab del sistema, normalmente <filename>/etc/krb5.keytab</" +"filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "ldap_krb5_init_creds (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI." +msgstr "" +"Especifica la id de proveedor que iniciaría las credenciales Kerberos (TGT). " +"Esta acción se lleva a cabo sólo si SASL se usa y el mecanismo seleccionado " +"es GSSAPI." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1671 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "ldap_krb5_ticket_lifetime (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1674 +msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." +msgstr "Especifica el tiempo de vida en segundos del TGT si se usa GSSAPI." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:849 +msgid "Default: 86400 (24 hours)" +msgstr "Predeterminado: 86400 (24 horas)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "krb5_server, krb5_backup_server (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" +"Especifica una lista separada por comas de direcciones IP o nombres de host " +"de los servidores Kerberos a los cuales se conectaría SSSD en orden de " +"preferencia. Para más información sobre failover y redundancia de servidor, " +"vea la sección <quote>FAILOVER</quote>. Un número de puerto opcional " +"(precedido de dos puntos) puede ser añadido a las direcciones o nombres de " +"host. Si está vacío, el servicio descubridor está habilitado – para más " +"información, vea la sección <quote>SERVICE DISCOVERY</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" +"Cuando se utiliza el servicio descubiertos para servidores KDC o kpasswd, " +"SSSD primero busca entradas DNS que especifiquen _udop como protocolo y " +"regresa a _tcp si no se encuentra nada." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" +"Este opción se llamaba <quote>krb5_kdcip</quote> en las revisiones más " +"tempranas de SSSD. Mientras el legado de nombre se reconoce por el tiempo " +"que sea, los usuarios son advertidos para migrar sus ficheros de " +"configuración para usar <quote>krb5_server</quote> en su lugar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "krb5_realm (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." +msgstr "Especifica el REALM Kerberos (para autorización SASL/GSSAPI)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1719 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" +"Predeterminado: Predeterminados del sistema, vea <filename>/etc/krb5.conf</" +"filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462 +msgid "krb5_canonicalize (boolean)" +msgstr "krb5_canonicalize (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" +"Especifica si el host principal sería estandarizado cuando se conecte a un " +"servidor LDAP. Esta función está disponible con MIT Kerberos >= 1.7" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1768 +msgid "ldap_pwd_policy (string)" +msgstr "ldap_pwd_policy (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" +"Seleccione la política para evaluar la caducidad de la contraseña en el lado " +"del cliente. Los siguientes valores son permitidos:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" +"<emphasis>none</emphasis> - Sin evaluación en el lado cliente. Esta opción " +"no puede deshabilitar las políticas de password en el lado servidor." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1781 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired." +msgstr "" +"<emphasis>shadow</emphasis> - Usa los atributos de estilo " +"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> para evaluar si la contraseña ha expirado." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1787 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" +"<emphasis>mit_kerberos</emphasis> - Usa los atributos utilizados por MIT " +"Kerberos para determinar si el password ha expirado. Use " +"chpass_provider=krb5 para actualizar estos atributos cuando se cambia el " +"password." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1796 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1804 +msgid "ldap_referrals (boolean)" +msgstr "ldap_referrals (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1807 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" +"Especifica si el seguimiento de referencias automático debería ser " +"habilitado." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1811 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" +"Por favor advierta que sssd sólo soporta seguimiento de referencias cuando " +"está compilado con OpenLDAP versión 2.4.13 o más alta." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1816 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement." +msgstr "" +"Al perseguir referencia se puede incurrir en una penalización de rendimiento " +"en entornos que lo usen pesadamente, un ejemplo notable es Microsoft Active " +"Directory. Si su ajuste no requieren de hecho el uso de referencias, fijar " +"esta opción a false le llevará a una notable mejora de rendimiento." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1830 +msgid "ldap_dns_service_name (string)" +msgstr "ldap_dns_service_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1833 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" +"Especifica el nombre del servicio para utilizar cuando está habilitado el " +"servicio de descubrimiento." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 +msgid "Default: ldap" +msgstr "Predeterminado: ldap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1843 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "ldap_chpass_dns_service_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1846 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" +"Especifica el nombre del servicio para utilizar al buscar un servidor LDAP " +"que permita cambios de contraseña cuando está habilitado el servicio de " +"descubrimiento." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1851 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "Por defecto: no fijado, esto es servicio descubridor deshabilitado." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1857 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "ldap_chpass_update_last_change (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" +"Especifica si actualizar el atributo ldap_user_shadow_last_change con días " +"desde el Epoch después de una operación de cambio de contraseña." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1872 +msgid "ldap_access_filter (string)" +msgstr "ldap_access_filter (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1875 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Example:" +msgstr "Ejemplo:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1898 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1902 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice-versa." +msgstr "" +"El escondrijo fuera de línea para esta característica está limitado a " +"determinar si el último login en línea del usuario alcanzó permiso de " +"acceso. Si les fue concedido acceso durante su último login, continuará " +"obteniendo acceso mientras esté fuera de línea y viceversa." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972 +msgid "Default: Empty" +msgstr "Predeterminado: vacío" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_account_expire_policy (string)" +msgstr "ldap_account_expire_policy (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1924 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" +"Con esta opción pueden ser habilitados los atributos de evaluación de " +"control de acceso del lado cliente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1928 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" +"Por favor advierta que siempre se recomienda utilizar el control de acceso " +"del lado servidor, esto es el servidor LDAP denegaría petición de enlace con " +"una código de error definible aunque el password sea correcto." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1935 +msgid "The following values are allowed:" +msgstr "Los siguientes valores están permitidos:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" +"<emphasis>shadow</emphasis>: usa el valor de ldap_user_shadow_expire para " +"determinar si la cuenta ha expirado." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1943 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" +"<emphasis>ad</emphasis>: usa el valor del campo de 32 bit " +"ldap_user_ad_user_account_control y permite el acceso si el segundo bit no " +"está fijado. Si el atributo está desaparecido se concede el acceso. También " +"se comprueba el tiempo de expiración de la cuenta." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1950 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: usa el valor de ldap_ns_account_lock para comprobar si se permite " +"el acceso o no." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1956 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" +"<emphasis>nds</emphasis>: los valores de " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled y " +"ldap_user_nds_login_expiration_time se usan para comprobar si el acceso está " +"permitido. Si ambos atributos están desaparecidos se concede el acceso." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1965 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1978 +msgid "ldap_access_order (string)" +msgstr "ldap_access_order (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1981 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" +"Lista separada por coma de opciones de control de acceso. Los valores " +"permitidos son:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1985 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "<emphasis>filtro</emphasis>: utilizar ldap_access_filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1988 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1998 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2005 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2022 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "<emphasis>caducar</emphasis>: utilizar ldap_account_expire_policy" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2026 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2036 +msgid "" +"The difference between these options is the action taken if user password is " +"expired: pwd_expire_policy_reject - user is denied to log in, " +"pwd_expire_policy_warn - user is still able to log in, " +"pwd_expire_policy_renew - user is prompted to change his password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2044 +msgid "" +"Note If user password is expired no explicit message is prompted by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2048 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2053 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" +"<emphasis>authorized_service</emphasis>: utilizar el atributo " +"autorizedService para determinar el acceso" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2058 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" +"<emphasis>host</emphasis>: usa el atributo host para determinar el acceso" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2062 +msgid "Default: filter" +msgstr "Predeterminado: filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2065 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" +"Tenga en cuenta que es un error de configuración si un valor es usado más de " +"una vez." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2072 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2075 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2083 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2086 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2092 +msgid "ldap_deref (string)" +msgstr "ldap_deref (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2095 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" +"Especifica cómo se hace la eliminación de referencias al alias cuando se " +"lleva a cabo una búsqueda. Están permitidas las siguientes opciones:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2100 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" +"<emphasis>never</emphasis>: Nunca serán eliminadas las referencias al alias." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2104 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" +"<emphasis>searching</emphasis>: Las referencias al alias son eliminadas en " +"subordinadas del objeto base, pero no en localización del objeto base de la " +"búsqueda." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2109 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" +"<emphasis>finding</emphasis>: Sólo se eliminarán las referencias a alias " +"cuando se localice el objeto base de la búsqueda." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2114 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" +"<emphasis>always</emphasis>: Las referencias al alias se eliminarán tanto " +"para la búsqueda como en la localización del objeto base de la búsqueda." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2119 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" +"Por defecto: Vacío (esto es manejado como <emphasis>nunca</emphasis> por las " +"librerías cliente LDAP)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2127 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "ldap_rfc2307_fallback_to_local_users (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2130 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" +"Permite retener los usuarios locales como miembros de un grupo LDAP para " +"servidores que usan el esquema RFC2307." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2134 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" +"En algunos entornos donde se usa el esquema RFC2307, los usuarios locales " +"son hechos miembros de los grupos LDAP añadiendo sus nombres al atributo " +"memberUid. La autoconsistencia del dominio se ve comprometida cuando se hace " +"esto, de modo que SSSD debería normalmente quitar los usuarios " +"“desparecidos” de las afiliaciones a grupos escondidas tan pronto como " +"nsswitch intenta ir a buscar información del usuario por medio de las " +"llamadas getpw*() o initgroups()." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2145 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" +"Esta opción cae de nuevo en comprobar si los usuarios locales están " +"referenciados, y los almacena en caché de manera que más tarde las llamadas " +"initgroups() aumentará los usuarios locales con los grupos LDAP adicionales." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136 +#, fuzzy +#| msgid "ldap_opt_timeout (integer)" +msgid "wildcart_limit (integer)" +msgstr "ldap_opt_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2160 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2164 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2168 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:51 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" +"Todas las opciones de configuración comunes que se aplican a los dominios " +"SSSD también se aplican a los dominios LDAP. Vea la sección <quote>DOMAIN " +"SECTIONS</quote> de la página de manual <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> para detalles " +"completos. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2178 +msgid "SUDO OPTIONS" +msgstr "OPCIONES SUDO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2180 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2191 +msgid "ldap_sudorule_object_class (string)" +msgstr "ldap_sudorule_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2194 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "El objeto clase de una regla de entrada sudo en LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2197 +msgid "Default: sudoRole" +msgstr "Por defecto: sudoRole" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2203 +msgid "ldap_sudorule_name (string)" +msgstr "ldap_sudorule_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2206 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "El atributo LDAP que corresponde a la regla nombre de sudo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2216 +msgid "ldap_sudorule_command (string)" +msgstr "ldap_sudorule_command (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2219 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "El atributo LDAP que corresponde al nombre de comando." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2223 +msgid "Default: sudoCommand" +msgstr "Por defecto: sudoCommand" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2229 +msgid "ldap_sudorule_host (string)" +msgstr "ldap_sudorule_host (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2232 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" +"El atributo LDAP que corresponde al nombre de host (o dirección IP del host, " +"red IP del host o grupo de red del host)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2237 +msgid "Default: sudoHost" +msgstr "Por defecto: sudoHost" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2243 +msgid "ldap_sudorule_user (string)" +msgstr "ldap_sudorule_user (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2246 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" +"El atributo LDAP que corresponde al nombre de usuario (o UID. nombre de " +"grupo o grupo de red del usuario)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2250 +msgid "Default: sudoUser" +msgstr "Por defecto: sudoUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2256 +msgid "ldap_sudorule_option (string)" +msgstr "ldap_sudorule_option (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2259 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "El atributo LDAP que corresponde a las opciones sudo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2263 +msgid "Default: sudoOption" +msgstr "Por defecto: sudoOption" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2269 +msgid "ldap_sudorule_runasuser (string)" +msgstr "ldap_sudorule_runasuser (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2272 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" +"El atributo LDAP que corresponde al nombre de usuario que los comandos " +"pueden ejecutar como." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2276 +msgid "Default: sudoRunAsUser" +msgstr "Por defectot: sudoRunAsUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2282 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "ldap_sudorule_runasgroup (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2285 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" +"El atributo LDAP que corresponde al nombre de grupo o GID de grupo que puede " +"ejecutar comandos como." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2289 +msgid "Default: sudoRunAsGroup" +msgstr "Por defecto: sudoRunAsGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2295 +msgid "ldap_sudorule_notbefore (string)" +msgstr "ldap_sudorule_notbefore (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2298 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" +"El atributo LDAP que corresponde al inicio de fecha/hora para cuando la " +"regla sudo es válida." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2302 +msgid "Default: sudoNotBefore" +msgstr "Por defecto: sudoNotBefore" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2308 +msgid "ldap_sudorule_notafter (string)" +msgstr "ldap_sudorule_notafter (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2311 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" +"El atributo LDAP que corresponde a la fecha/hora final, después de la cual " +"la regla sudo dejará de ser válida." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2316 +msgid "Default: sudoNotAfter" +msgstr "Por defecto: sudoNotAfter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2322 +msgid "ldap_sudorule_order (string)" +msgstr "ldap_sudorule_order (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2325 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "El atributo LDAP que corresponde al índice de ordenación de la regla." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2329 +msgid "Default: sudoOrder" +msgstr "Por defecto: sudoOrder" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2335 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "ldap_sudo_full_refresh_interval (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2338 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" +"Cuantos segundos esperará SSSD entre ejecutar un refresco total de las " +"reglas sudo (que descarga todas las reglas que están almacenadas en el " +"servidor)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2343 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" +"El valor debe ser mayor que <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2348 +msgid "Default: 21600 (6 hours)" +msgstr "Por defecto: 21600 (6 horas)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2354 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "ldap_sudo_smart_refresh_interval (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2357 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest USN " +"of cached rules)." +msgstr "" +"Cuantos segundos tiene que esperar SSSD antes de ejecutar una actualización " +"inteligente de las reglas sudo (que descarga todas las reglas que tienen " +"USBN más alto que el USN más alto de las reglas escondidas)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2363 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" +"Si los atributos USN no se soportan por el servidor, se usa en su lugar el " +"atributo modifyTimestamp." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2373 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "ldap_sudo_use_host_filter (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2376 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" +"Si es true, SSSD descargará sólo las reglas que son aplicables a esta " +"máquina (usando las direcciones de host/red y nombres de host IPv4 o IPv6)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2387 +msgid "ldap_sudo_hostnames (string)" +msgstr "ldap_sudo_hostnames (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2390 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" +"Lista separada por espacios de nombres de host o nombres de dominio " +"totalmente cualificados que sería usada para filtrar las reglas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2395 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" +"Si esta opción está vacía, SSSD intentará descubrir el nombre de host y el " +"nombre de dominio totalmente cualificado automáticamente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441 +#: sssd-ldap.5.xml:2459 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" +"Si <emphasis>ldap_sudo_use_host_filter</emphasis> es <emphasis>false</" +"emphasis> esta opción no tiene efecto." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428 +msgid "Default: not specified" +msgstr "Por defecto: no especificado" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2411 +msgid "ldap_sudo_ip (string)" +msgstr "ldap_sudo_ip (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2414 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" +"Lista separada por espacios de direcciones de host/red IPv4 o IPv6 que sería " +"usada para filtrar las reglas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2419 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" +"esta opción está vacía, SSSD intentará descrubrir las direcciones " +"automáticamente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2434 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "sudo_include_netgroups (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2437 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" +"Si está a true SSSD descargará cada regla que contenga un grupo de red en el " +"atributo sudoHost." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2452 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "ldap_sudo_include_regexp (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2455 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" +"Si es verdad SSSD descargará cada regla que contenga un comodín en el " +"atributo sudoHost." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2471 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" +"Esta página de manual sólo describe el atributo de nombre mapping. Para una " +"explicación detallada de la semántica del atributo relacionada con sudo, vea " +"<citerefentry> <refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2481 +msgid "AUTOFS OPTIONS" +msgstr "OPCIONES AUTOFS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2483 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2489 +msgid "ldap_autofs_map_master_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2492 +msgid "The name of the automount master map in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2495 +msgid "Default: auto.master" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2502 +msgid "ldap_autofs_map_object_class (string)" +msgstr "ldap_autofs_map_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2505 +msgid "The object class of an automount map entry in LDAP." +msgstr "El objeto clase de una entrada de mapa de automontaje en LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2508 +msgid "Default: automountMap" +msgstr "Por defecto: automountMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2515 +msgid "ldap_autofs_map_name (string)" +msgstr "ldap_autofs_map_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2518 +msgid "The name of an automount map entry in LDAP." +msgstr "El nombre de una entrada de mapa de automontaje en LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2521 +#, fuzzy +#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)" +msgstr "Valor predeterminado: memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2529 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "ldap_autofs_entry_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2532 +#, fuzzy +#| msgid "" +#| "The key of an automount entry in LDAP. The entry usually corresponds to a " +#| "mount point." +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" +"La clave de una entrada de automontaje en LDAP. La entrada corresponde " +"normalmente a un punto de montaje." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2537 +#, fuzzy +#| msgid "Default: automountMap" +msgid "Default: automount" +msgstr "Por defecto: automountMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2544 +msgid "ldap_autofs_entry_key (string)" +msgstr "ldap_autofs_entry_key (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" +"La clave de una entrada de automontaje en LDAP. La entrada corresponde " +"normalmente a un punto de montaje." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2551 +#, fuzzy +#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)" +msgstr "Valor predeterminado: memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2559 +msgid "ldap_autofs_entry_value (string)" +msgstr "ldap_autofs_entry_value (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2566 +msgid "Default: automountInformation" +msgstr "Por defecto: automountInformation" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2487 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2576 +msgid "ADVANCED OPTIONS" +msgstr "OPCIONES AVANZADAS" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2583 +msgid "ldap_netgroup_search_base (string)" +msgstr "ldap_netgroup_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2588 +msgid "ldap_user_search_base (string)" +msgstr "ldap_user_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2593 +msgid "ldap_group_search_base (string)" +msgstr "ldap_group_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:2598 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:2600 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no gid mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:2607 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2609 +msgid "ldap_sudo_search_base (string)" +msgstr "ldap_sudo_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2614 +msgid "ldap_autofs_search_base (string)" +msgstr "ldap_autofs_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2578 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2631 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" +"El siguiente ejemplo asume que SSSS está configurado correctamente y LDAP " +"está fijado a uno de los dominios de la sección <replaceable>[domains]</" +"replaceable>." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2637 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:725 sssd-ad.5.xml:963 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 +#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2648 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2650 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2655 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-simple.5.xml:148 sssd-ad.5.xml:978 sssd.8.xml:195 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "NOTAS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2672 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" +"Las descripciones de algunas de las opciones de configuración en esta página " +"de manual están basadas en la página de manual <citerefentry> " +"<refentrytitle>ldap.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> de la distribución OpenLDAP 2.4." + +#. type: Content of: <refentryinfo> +#: pam_sss.8.xml:8 include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - http://" +"fedorahosted.org/sssd</orgname>" +msgstr "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - http://" +"fedorahosted.org/sssd</orgname>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:13 pam_sss.8.xml:18 +msgid "pam_sss" +msgstr "pam_sss" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:19 +msgid "PAM module for SSSD" +msgstr "Módulo PAM para SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:24 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:54 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" +"<command>pam_sss.so</command> es la interfaz PAM para el demonio Servicios " +"de Seguridad de Sistema (SSSD). Los errores y resultados son registrados a " +"través de <command>syslog(3)</command> con la facilidad LOG_AUTHPRIV." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:64 +msgid "<option>quiet</option>" +msgstr "<option>quiet</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:67 +msgid "Suppress log messages for unknown users." +msgstr "Suprime el registro de mensajes de usuarios desconocidos." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:72 +msgid "<option>forward_pass</option>" +msgstr "<option>forward_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:75 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" +"Si <option>forward_pass</option> está fijada el password introducido se pone " +"en la pila para que lo usen otros módulos PAM." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>use_first_pass</option>" +msgstr "<option>use_first_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" +"El argumento use_first_pass fuerza al módulo a usar un módulo de password " +"apilado previamente y nunca preguntará al usuario - si no hay password " +"disponible o el password no es apropiado, se denegará el acceso al usuario." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:93 +msgid "<option>use_authtok</option>" +msgstr "<option>use_authtok</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:96 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" +"Cuando cambia el password fuerza al módulo a fijar el nuevo password a uno " +"suministrado por un módulo de password previamente apilado." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>retry=N</option>" +msgstr "<option>retry=N</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" +"Si el usuario especificado es preguntado N veces por un password si la " +"autenticación falla. Por defecto es 0." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:108 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" +"Por favor advierta que esta opción puede no trabajar como se espera llamando " +"PAM a manejar el diálogo de usuario por el mismo. Un ejecplo típico es " +"<command>sshd</command> con <option>PasswordAuthentication</option>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:117 +msgid "<option>ignore_unknown_user</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:120 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:131 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:138 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:142 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:148 +msgid "" +"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> " +"and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:164 +msgid "MODULE TYPES PROVIDED" +msgstr "TIPOS DE MÓDULOS SUMINISTRADOS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:165 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" +"Todos los tipos de módulos (<option>account</option>, <option>auth</option>, " +"<option>password</option> y <option>session</option>) son suministrados." + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:171 +msgid "FILES" +msgstr "ARCHIVOS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:172 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" +"Si un password se resetea por un fallo de root, como el correspondiente " +"proveedor SSSD no soporta el reseteo de password, se puede mostrar un " +"mensaje individual. Este mensaje puede, por ejemplo, contener instrucciones " +"sobre como resetear un password." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:177 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" +"El mensaje se lee desde el fichero <filename>pam_sss_pw_reset_message.LOC</" +"filename> donde LOC destaca una cadena de lugar devuelta por <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. Si no hay fichero coincidente se muestra el contenido de " +"<filename>pam_sss_pw_reset_message.txt</filename>. Root debe ser el " +"propietario de los ficheros y sólo root puede tener permisos de lectura y " +"escritura mientras que todos los demás usuarios sólo tienen permisos de " +"lectura." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:187 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" +"Estos ficheros son buscados en el directorio <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. Si no hay archivos coincidentes se muestra un " +"mensaje genérico." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "sssd_krb5_locator_plugin" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " +"libraries what Realm and which KDC to use. Typically this is done in " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> which is always read by the Kerberos libraries. " +"To simplify the configuration the Realm and the KDC can be defined in " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> as described in <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:48 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> puts the Realm and the name or IP address of the KDC into " +"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " +"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " +"libraries it reads and evaluates these variables and returns them to the " +"libraries." +msgstr "" +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> pone el Reino y el nombre o dirección IP del KDC en las " +"variables de entorno SSSD_KRB5_REALM y SSSD_KRB5_KDC respectivamente. Cuando " +"<command>sssd_krb5_locator_plugin</command> es llamado por las librerías " +"kerberos lee y evalúa estas variables y se las devuelve a las librerías." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" +"No todas las implementaciones Kerberos soportan el uso de plugins. Si " +"<command>sssd_krb5_locator_plugin</command> no está disponible en su sistema " +"usted tiene que editar /etc/krb5.conf para reflejar sus ajustes Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:69 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" +"Si la variable de entorno SSSD_KRB5_LOCATOR_DEBUR está fijada a cualquier " +"valor los mensajes de depuración se enviarán a stderr." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "sssd-simple" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" +"el fichero de configuración para en proveedor de control de acceso 'simple' " +"de SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" +"Esta página de manual describe la configuración del proveedor de control de " +"acceso simple para <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. Para una referencia detallada de " +"sintaxis, vea la sección <quote>FILE FORMAT</quote> de la página de manual " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" +"El proveedor de acceso simple otorga o deniega el acceso en base a una lista " +"de acceso o denegación de usuarios o grupo de nombres. Se aplican las " +"siguientes reglas:" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "Si todas las listas están vacías, se concede acceso" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" +"Si se ha suministrado alguna lista, el orden de evaluación es permitir," +"denegar. Esto significa que cualquier regla de denegación será saltada por " +"cualquier regla de permiso coincidente." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" +"Si una o ambas listas de \"permiso\" se suministran, todos los usuarios " +"serán denegados a no ser que aparezcan en la lista." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" +"Si sólo se suministran listas de \"denegación\", todos los usuarios " +"obtendran acceso a no ser que aparezcan en la lista." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "simple_allow_users (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "Lista separada por comas de usuarios a los está permitido el acceso." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "simple_deny_users (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" +"Lista separada por comas de usuarios a los que explicítamente se les deniega " +"el acceso." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "simple_allow_groups (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" +"Lista separada por comas de grupos que tienen permitido el acceso. Esto se " +"aplica sólo a los grupos dentro del dominio SSSD. Los grupos locales no " +"serán evaluados." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "simple_deny_groups (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" +"Lista separada por comas de grupos a los que explicítamente se les deniega " +"el acceso. Esto se aplica sólo a los grupos dentro del dominio SSSD. Los " +"grupos locales no serán evaluados." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Vea la sección <quote>DOMAIN SECTIONS</quote> de la página de manual " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> para detalles sobre la configuración de un " +"dominio SSSD. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" +"No especificando valores para ninguna de las listas es equivalente a " +"saltarle totalmente. Tenga cuidado de esto mientras genera parámetros para " +"el simple proveedor usando secuencias de comandos automatizadas." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" +"Por favor advierta que es un error de configuración si tanto, " +"simple_allow_users como simple_deny_user, están definidos." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" +"El siguiente ejemplo asume que SSSD está correctamente configurado y example." +"com es uno de los dominios en la sección <replaceable>[sssd]</replaceable>. " +"Este ejemplo muestra sólo las opciones específicas del proveedor de acceso " +"simple." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "sssd-ipa" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Este página de manual describe la configuración del proveedor IPA para " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Para una referencia de sintaxis detalladas, vea la sección " +"<quote>FILE FORMAT</quote> de la página de manual <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" +"El proveedor IPA es un back end usado para conectar a un servidor IPA. (Vea " +"el sitio web freeipa.org para información sobre los servidores IPA). Este " +"proveedor requiere que la máquina este unido al dominio IPA; la " +"configuración es casi enteramente auto descubierta y obtenida directamente " +"del servidor." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" +"El proveedor IPA acepta las mismas opciones usadas por el proveedor de " +"identidad <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> y el proveedor de autenticación " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> con algunas excepciones descritas abajo." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." +msgstr "" +"Sin embargo, ni es necesario ni está recomendado fijar estas opciones. El " +"proveedor IPA también puede ser usado como proveedor de acceso y cambio de " +"contraseña. Como proveedor de acceso usa reglas HBAC (control de acceso " +"basado en el host). Por favor vea freeipa.org para más información sobre " +"HBAC. No se requiere configuración del proveedor de acceso en el lado " +"cliente." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" +"El porveedor IPA usara el respondedor PAC si las entradas Kerberos de los " +"usuario de reinos confiables contienen un PAC. Para hacer la configuración " +"más fácil el respondedor PAC es iniciado automáticamente si la ID del " +"proveedor IPA está configurada." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:78 +msgid "ipa_domain (string)" +msgstr "ipa_domain (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:81 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" +"Especifica el nombre del dominio IPA. Esto es opcional. Si no se suministra, " +"se usa el nombre de configuración del dominio." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:89 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "ipa_server, ipa_backup_server (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:92 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" +"La lista separada por comas de direcciones IP o nombres de host de los " +"servidores IPA a los que SSSD se conectaría en orden de preferencia. Para " +"más información sobre conmutación en error y redundancia de servidores, vea " +"la sección <quote>FAILOVER</quote>. Esto es opcional si autodiscovery está " +"habilitado. Para más información sobre el servicio descubridor, vea la " +"sección <quote>SERVICE DISCOVERY</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:105 +msgid "ipa_hostname (string)" +msgstr "ipa_hostname (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:108 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host." +msgstr "" +"Opcional. Puede ser fijado en máquinas donde hostname(5) no refleja el " +"nombre totalmente cualificado usado en el dominio IPA para identificar este " +"host." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:116 sssd-ad.5.xml:780 +msgid "dyndns_update (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:119 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA v2 with the IP address of this client. The update is " +"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " +"for the updates, if it is not otherwise specified by using the " +"<quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:128 sssd-ad.5.xml:794 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" +"NOTA: Sobre sistemas más antiguos (como RHEL 5), para que este " +"comportamiento trabaje fiablemente, el reino por defecto Kerberos debe ser " +"fijado apropiadamente en /etc/krb5.conf" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:133 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:145 sssd-ad.5.xml:805 +msgid "dyndns_ttl (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:148 sssd-ad.5.xml:808 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:153 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Default: 1200 (seconds)" +msgstr "Por defecto: 1200 (segundos)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:165 sssd-ad.5.xml:819 +msgid "dyndns_iface (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 sssd-ad.5.xml:822 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:175 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 +#, fuzzy +#| msgid "Default: Use the IP address of the IPA LDAP connection" +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "Predeterminado: Utilizar la dirección IP de la conexión IPA LDAP" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:185 sssd-ad.5.xml:833 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:191 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160 +msgid "Enables DNS sites - location based service discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example.com" +"\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:217 sssd-ad.5.xml:839 +msgid "dyndns_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:220 sssd-ad.5.xml:842 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:233 sssd-ad.5.xml:855 +msgid "dyndns_update_ptr (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:236 sssd-ad.5.xml:858 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:247 +msgid "Default: False (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:253 sssd-ad.5.xml:869 +msgid "dyndns_force_tcp (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:256 sssd-ad.5.xml:872 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:876 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 sssd-ad.5.xml:882 +#, fuzzy +#| msgid "ldap_dns_service_name (string)" +msgid "dyndns_server (string)" +msgstr "ldap_dns_service_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 sssd-ad.5.xml:885 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 sssd-ad.5.xml:890 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:895 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 sssd-ad.5.xml:900 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:290 +msgid "ipa_hbac_search_base (string)" +msgstr "ipa_hbac_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:293 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" +"Opcional. Usa la cadena dada como base de búsqueda para los objetos HBAC " +"relacionados." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:297 +msgid "Default: Use base DN" +msgstr "Predeterminado: Utilizar DN base" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_host_search_base (string)" +msgstr "ipa_host_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "Optional. Use the given string as search base for host objects." +msgstr "Opcional. Usa la cadena dada como base de búsqueda para objetos host." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 sssd-ipa.5.xml:329 sssd-ipa.5.xml:348 sssd-ipa.5.xml:367 +#: sssd-ipa.5.xml:386 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" +"Vea <quote>ldap_search_base</quote> para información sobre la configuración " +"de múltiples bases de búsqueda." + +#. type: Content of: <listitem><para> +#: sssd-ipa.5.xml:315 sssd-ipa.5.xml:334 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "Predeterminado: el valor de <emphasis>ldap_search_base</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:322 +msgid "ipa_selinux_search_base (string)" +msgstr "ipa_selinux_search_base (cadena)Opcional. " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:325 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" +"Opcional. Usa la cadena dada como base de búsqueda para los mapas de usuario " +"SELinux." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:341 +msgid "ipa_subdomains_search_base (string)" +msgstr "ipa_subdomains_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:344 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" +"Opcional: Usa la cadena dada como base de búsqueda de dominios de confianza." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:353 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "Por defecto: el valor de <emphasis>cn=trusts,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:360 +msgid "ipa_master_domain_search_base (string)" +msgstr "ipa_master_domain_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:363 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" +"Opcional: Usa la cadena dada como base de búsqueda para el objeto maestro de " +"dominio." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:372 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "Por defecto: el valor de <emphasis>cn=ad,cn=etc,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:379 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:382 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:391 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:398 sssd-krb5.5.xml:254 +msgid "krb5_validate (boolean)" +msgstr "krb5_validate (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:401 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed." +msgstr "" +"Verifica con la ayuda de krb5_keytab que el TGT obtenido no ha sido burlado." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:408 sssd-ad.5.xml:921 +msgid "" +"Note that this default differs from the traditional Kerberos provider back " +"end." +msgstr "" +"Advierta que este valor por defecto difiere del proveedor back end " +"tradicional de Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" +"El nombre del reino Kerberos. Esto es opcional y por defecto está al valor " +"de <quote>ipa_domain</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" +"El nombre del reino Kerberos tiene un significado especial en IPA – es " +"convertido hacia la base DN para usarlo para llevar a cabo operaciones LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:433 +msgid "" +"Specifies if the host and user principal should be canonicalized when " +"connecting to IPA LDAP and also for AS requests. This feature is available " +"with MIT Kerberos >= 1.7" +msgstr "" +"Especifica si el host y el usuario principal deberían ser estandarizados " +"cuando se conecten a IPA LDAP y también para peticiones AS. Esta función " +"está disponible con MIT Kerberos >= 1.7" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 sssd-krb5.5.xml:416 +msgid "krb5_use_fast (string)" +msgstr "krb5_use_fast (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 sssd-krb5.5.xml:419 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" +"Habilita la autenticación segura flexible de los túneles (FSAT) para la pre-" +"autenticación Kerberos. Se soportan las siguientes opciones:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:454 +msgid "<emphasis>never</emphasis> use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:457 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it. This is equivalent to not setting " +"this option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:463 sssd-krb5.5.xml:433 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:468 +msgid "Default: try" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 sssd-krb5.5.xml:444 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:480 sssd-ad.5.xml:928 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 sssd-ad.5.xml:931 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:487 sssd-ad.5.xml:935 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 sssd-ad.5.xml:939 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:498 +msgid "ipa_hbac_refresh (integer)" +msgstr "ipa_hbac_refresh (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:501 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" +"La cantidad de tiempo entre vbúsquedas de las reglas HBAC contra el servidor " +"IPA. Esto reducirá la latencia y la carga sobre el servidor IPA si hay " +"muchas peticiones de control de acceso hechas en un corto período." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355 +msgid "Default: 5 (seconds)" +msgstr "Predeterminado: 5 (segundos)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:514 +msgid "ipa_hbac_selinux (integer)" +msgstr "ipa_hbac_selinux (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:517 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" +"La cantidad de tiempo entre búsquedas de los mapas SELinux contra el " +"servidor IPA. Esto reducirá la latencia y la carga sobre el servidor IPA si " +"hay muchas peticiones de acceso de usuario hechas en un corto período." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:530 +msgid "ipa_server_mode (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:533 +msgid "This option should only be set by the IPA installer." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:537 +msgid "" +"The option denotes that the SSSD is running on IPA server and should perform " +"lookups of users and groups from trusted domains differently." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:548 +msgid "ipa_automount_location (string)" +msgstr "ipa_automount_location (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:551 +msgid "The automounter location this IPA client will be using" +msgstr "La localización del automontador de este cliente IPA que será usada" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:554 +msgid "Default: The location named \"default\"" +msgstr "Por defecto: La localización llamada “default”" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:562 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:571 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:577 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:583 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:586 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:596 +msgid "ipa_overide_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:599 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:602 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:608 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:611 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:615 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:621 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:624 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:632 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:635 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:638 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:641 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:647 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:650 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:655 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:661 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:664 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:669 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:672 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:675 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:680 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:564 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:690 +msgid "SUBDOMAINS PROVIDER" +msgstr "PROVEEDOR DE SUBDOMINIOS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:692 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" +"El proveedor de subdominios IPA se comporta de forma ligeramente diferente " +"si está configurado explícitamente o implícitamente." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:696 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" +"Si la opción ' subdomains_provider = ipa' se encuentra en la sección de " +"dominio de sssd.conf, el proveedor de subdominios de IPA se configura " +"explícitamente, y todas las peticiones de subdominio se envían al servidor " +"de IPA si es necesario." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:702 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:719 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" +"El siguiente ejemplo asume que SSSD está correctamente configurado y example." +"com es uno de los dominios en la sección <replaceable>[sssd]</replaceable>. " +"Este ejemplo muestra sólo las opciones específicas del proveedor ipa." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:726 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "sssd-ad" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Esta página de manual describe la configuración del proveedor AD para " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Para una referencia detallada de sintaxis, vea la sección " +"<quote>FILE FORMAT</quote> de la página de manual <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available." +msgstr "" +"El proveedor AD es el punto final usado para conectar a un servidor Active " +"Directory. Este proveedor requiere que la máquina se una al dominio AD y " +"esté disponible una keytab." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:41 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" +"El proveedor AD soporta la conexión a Active Directory 2008 R2 o " +"posteriores. Las versiones anteriores pueden trabajar, pero no está " +"soportadas." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:45 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:51 +msgid "" +"The AD provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" +"El proveedor de AD acepta las mismas opciones usadas por el proveedor de " +"identidad <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> y el proveedor de autenticación " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> con algunas excepciones descritas abajo." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:63 +#, fuzzy +#| msgid "" +#| "However, it is neither necessary nor recommended to set these options. " +#| "IPA provider can also be used as an access and chpass provider. As an " +#| "access provider it uses HBAC (host-based access control) rules. Please " +#| "refer to freeipa.org for more information about HBAC. No configuration of " +#| "access provider is required on the client side." +msgid "" +"However, it is neither necessary nor recommended to set these options. The " +"AD provider can also be used as an access, chpass, sudo and autofs provider. " +"No configuration of the access provider is required on the client side." +msgstr "" +"Sin embargo, ni es necesario ni está recomendado fijar estas opciones. El " +"proveedor IPA también puede ser usado como proveedor de acceso y cambio de " +"contraseña. Como proveedor de acceso usa reglas HBAC (control de acceso " +"basado en el host). Por favor vea freeipa.org para más información sobre " +"HBAC. No se requiere configuración del proveedor de acceso en el lado " +"cliente." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:75 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" +"ldap_id_mapping = False\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " +"and groups using POSIX attributes from trusted domains, the AD administrator " +"must make sure that the POSIX attributes are replicated to the Global " +"Catalog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:82 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:97 +msgid "ad_domain (string)" +msgstr "ad_domain (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:100 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" +"Especifica el nombre del dominio Active Directory. Esto es opcional. Si no " +"se suministra, se usa la configuración del nombre de dominio." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:105 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" +"Para una operativa apropiada, esta opción sería especificada en la versión " +"minúscula de la versión larga del dominio Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:110 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:117 +msgid "ad_server, ad_backup_server (string)" +msgstr "ad_server, ad_backup_server (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:120 +#, fuzzy +#| msgid "" +#| "The comma-separated list of IP addresses or hostnames of the IPA servers " +#| "to which SSSD should connect in the order of preference. For more " +#| "information on failover and server redundancy, see the <quote>FAILOVER</" +#| "quote> section. This is optional if autodiscovery is enabled. For more " +#| "information on service discovery, refer to the <quote>SERVICE DISCOVERY</" +#| "quote> section." +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" +"La lista separada por comas de direcciones IP o nombres de host de los " +"servidores IPA a los que SSSD se conectaría en orden de preferencia. Para " +"más información sobre conmutación en error y redundancia de servidores, vea " +"la sección <quote>FAILOVER</quote>. Esto es opcional si autodiscovery está " +"habilitado. Para más información sobre el servicio descubridor, vea la " +"sección <quote>SERVICE DISCOVERY</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:127 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:132 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:140 +msgid "ad_hostname (string)" +msgstr "ad_hostname (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:143 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the Active Directory domain to identify this " +"host." +msgstr "" +"Opcional. Puede ser fijada en máquinas donde el hostname(5) no refleja el " +"nombre totalmente cualificado usaro en el dominio Active Directory para " +"identificar este host." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:149 +msgid "" +"This field is used to determine the host principal in use in the keytab. It " +"must match the hostname for which the keytab was issued." +msgstr "" +"Este campo se usa para determinar el host principal en uso en la keytab. " +"Debe coincidir con el nombre del host desde que se envío la keytab." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:157 +msgid "ad_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:164 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:180 +msgid "ad_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:191 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:199 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:207 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:212 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:223 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:233 sssd-ad.5.xml:247 +msgid "Default: Not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:239 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:253 +msgid "ad_enable_gc (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:256 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:264 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:278 +msgid "ad_gpo_access_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:281 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to a particular host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:296 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:309 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:313 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:319 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:325 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "Default: permissive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:339 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:345 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:348 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:361 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:364 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:370 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:384 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:388 sssd-ad.5.xml:479 sssd-ad.5.xml:525 sssd-ad.5.xml:570 +#: sssd-ad.5.xml:636 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:392 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:397 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:402 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:407 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:412 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:417 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:422 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:427 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:432 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:437 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:442 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:451 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:460 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:475 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:466 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:483 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:488 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:497 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:500 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:506 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:521 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:512 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:529 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:534 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:543 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:546 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:552 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:566 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:557 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:574 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:583 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:586 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:605 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:597 sssd-ad.5.xml:667 +msgid "" +"It is possible to add a PAM service name to the default set by using <quote>" +"+service_name</quote>. Since the default set is empty, it is not possible " +"to remove a PAM service name from the default set. For example, in order to " +"add a custom pam service name (e.g. <quote>my_pam_service</quote>), you " +"would use the following configuration: <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:615 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:618 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:632 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:623 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:640 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:645 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:650 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:659 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:662 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:675 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:685 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:688 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:701 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:705 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:710 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:715 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:720 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:725 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:730 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:735 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:741 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:747 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:750 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:756 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 30 days" +msgstr "Predeterminado: 300" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:762 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:765 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expect 2 integers seperated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the inital timeout in seconds before the task is run for the first " +"time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +#, fuzzy +#| msgid "Default: 86400 (24 hours)" +msgid "Default: 86400:750 (24h and 15m)" +msgstr "Predeterminado: 86400 (24 horas)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:783 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:813 +msgid "Default: 3600 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:829 +#, fuzzy +#| msgid "Default: Use the IP address of the IPA LDAP connection" +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "Predeterminado: Utilizar la dirección IP de la conexión IPA LDAP" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:863 sss_rpcidmapd.5.xml:76 +msgid "Default: True" +msgstr "Predeterminado: True" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:909 sssd-krb5.5.xml:505 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:912 sssd-krb5.5.xml:508 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:957 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" +"El siguiente ejemplo asume que SSSD está correctamente configurado y example." +"com es uno de los dominios en la sección <replaceable>[sssd]</replaceable>. " +"Este ejemplo muestra sólo las opciones específicas del proveedor AD." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:964 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:984 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:980 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"El proveedor de control de acceso AD comprueba si la cuenta está expirada. " +"Tiene el mismo efecto que la siguiente configuración del proveedor LDAP: " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:990 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:998 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "sssd-sudo" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "Configuración de sudo con el motor de SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" +"Esta página de manual describe como configurar <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"para trabajar con <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> y como SSSD esconde reglas sudo." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "Configurando sudo para cooperar con SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" +"Para habilitar SSSD como una fuente de reglas sudo, añada <emphasis>sss</" +"emphasis> a la entrada <emphasis>sudoers</emphasis> en <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" +"Por ejemplo, para configurar sudo para primero buscar reglas en el fichero " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> estándar (que contendría reglas para aplicar al " +"usuario local) y después en SSSD, el fichero nsswitch.conf contiene la " +"siguiente línea:" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "sudoers: files sss\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" +"Más información sobre la configuración del orden de búsqueda de sudoers " +"desde el fichero nsswuitch.conf así información sobre el esquema LDAP que se " +"usa para almacenar reglas sudo en el directorio se puede encontrar en " +"<citerefentry> <refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "Configurando SSSD para ir a buscar reglas sudo" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" +"El siguiente ejemplo muestra como configurar SSSD para descargar reglas sudo " +"desde un servidor LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:112 +msgid "" +"When the SSSD is configured to use IPA as the ID provider, the sudo provider " +"is automatically enabled. The sudo search base is configured to use the " +"compat tree (ou=sudoers,$DC)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:119 +msgid "The SUDO rule caching mechanism" +msgstr "El mecanismo de almacenamiento en cache de regla SUDO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:121 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" +"El mayor desafío, cuando se desarrolla soporte sudo en SSSD, fue asegurar " +"que ejecutando sudo con SSSD como la fuente de datos suministre la misma " +"experiencia de usuario y sea tan rápido como sudo pero se mantenga " +"proporcionando el conjunto más actual de reglas como sea posible. Para " +"satisfacer estos requisitos, SSSD usa tres clases de actualizaciones. A " +"ellas nos referimos como refresco total, refresco inteligente y refresco de " +"reglas." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:129 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" +"El <emphasis>refresco inteligente</emphasis> periódicamente descarga reglas " +"que son nuevas o fueron modificadas desde la última actualización. Su " +"objetivo principal es mantener la base de datos creciendo mediante la " +"atracción de pequeños incrementos que no generen grandes cantidades de " +"tráfico de red." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:135 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" +"<emphasis>full refresh</emphasis> simplemente refresca todas las reglas sudo " +"almacenadas en el cache y las reemplaza con las reglas que están almacenadas " +"en el servidor. Esto se usa para mantener el cache consistente borrando cada " +"regla que fue borrada del servidor. Sin embargo, un refresco total puede " +"producir gran cantidad de tráfico y por lo tanto debería ser ejecutado sólo " +"ocasionalmente dependiendo del tamaño y de la estabilidad de las reglas sudo." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:143 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" +"El <emphasis>refresco de reglas</emphasis> asegura que no concedamos más " +"permisos al usuario que los definidos. Se dispara cada vez que el usuario " +"ejecuta sudo. El refresco de reglas encontrará todas las reglas que se " +"apliquen a ese usuario, comprobará su tiempo de expiración y las recargará " +"si han expirado. En el caso de que alguna de esas reglas estén desaparecidas " +"del servidor, SSSD hará un refresco total fuera de banda puesto que más " +"reglas (que apliquen a otros usuarios) pueden haber sido borradas." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" +"Si está habilitado, SSSD almacenará sólo las reglas que pueden ser aplicadas " +"a esa máquina. Esto indica reglas que contienen uno de los siguientes " +"valores en el atributo <emphasis>sudoHost</emphasis>:" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:159 +msgid "keyword ALL" +msgstr "keyword ALL" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:164 +msgid "wildcard" +msgstr "comodines" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:169 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "netgroup (en la forma \"+netgroup\")" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:174 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" +"nombre de host o nombre de dominio totalmente cualificado de esta máquina" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:179 +msgid "one of the IP addresses of this machine" +msgstr "una de las direcciones IP de esta máquina" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:184 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "" +"una de las direcciones IP de la red (en la forma \"dirección/máscara\")" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:190 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Hay muchas opciones de configuración que pueden ser usadas para ajustar el " +"comportamiento. Por favor vea \"ldap_sudo_*\" en <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> y \"sudo_*\" en <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "sssd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "System Security Services Daemon" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" +"<command>SSSD</command> suministra un conjunto de demonios para gestionar el " +"acceso a directorios remotos y mecanismos de autenticación. Suministra una " +"interfaz NSS y PAM hacia el sistema y un sistema de parte trasera conectable " +"para conectar múltiples fuentes de cuentas diferentes así como interfaz D-" +"Bus. Es también la base para suministrar servicios de auditoría y política a " +"los clientes para proyectos como FreeIPA. Suministra una base de datos más " +"robusta para almacenar los usuarios locales así como datos de usuario " +"extendidos." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>NIVEL</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" +"<emphasis>1</emphasis>: Agregar marca de tiempo a mensajes de depuración " + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" +"<emphasis>0</emphasis>: Desactiva marca de tiempo en mensajes de depuración" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" +"<emphasis>1</emphasis>: Agregar microsegundos a la marca de tiempo en " +"mensajes de depuración" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "<emphasis>0</emphasis>: Desactiva microsegundos en marcas de tiempo" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>-f</option>,<option>--debug-to-files</option>" +msgstr "<option>-f</option>,<option>--debug-to-files</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "" +"Send the debug output to files instead of stderr. By default, the log files " +"are stored in <filename>/var/log/sssd</filename> and there are separate log " +"files for every SSSD service and domain." +msgstr "" +"Envía la salida de depuración a ficheros en lugar de a stderr. Por defecto, " +"los ficheros de registro se almacenan en <filename>/var/log/sssd</filename> " +"y hay ficheros de registro separados para cada servicio y dominio SSSD." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:97 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "<option>-D</option>,<option>--daemon</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:101 +msgid "Become a daemon after starting up." +msgstr "Convertido en un demonio después de la puesta en marcha." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:107 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "<option>-i</option>,<option>--interactive</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:111 +msgid "Run in the foreground, don't become a daemon." +msgstr "Ejecutar en primer plano, no convertirse en un demonio." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:117 sss_debuglevel.8.xml:42 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "<option>-c</option>,<option>--config</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:121 sss_debuglevel.8.xml:46 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Especifica un fichero de configuración distinto al de por defecto. El por " +"defecto es <filename>/etc/sssd/sssd.conf</filename>. Para referencia sobre " +"las opciones y sintaxis del fichero de configuración, consulta la página de " +"manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "<option>--version</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "Imprimir número de versión y salir." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:147 +msgid "Signals" +msgstr "Señales" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "SIGTERM/SIGINT" +msgstr "SIGTERM/SIGINT" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:153 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" +"Informa a SSSD para terminar graciosamente todos sus procesos hijos y " +"después para el monitor." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:159 +msgid "SIGHUP" +msgstr "SIGHUP" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:162 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" +"Le dice a SSSD que pare de escribir en su fichero descriptor de depuración " +"actual y cerrar y reabrirlo. Esto significa facilitar la circulación de " +"registro con programas como logrotate." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:170 +msgid "SIGUSR1" +msgstr "SIGUSR1" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:173 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:182 +msgid "SIGUSR2" +msgstr "SIGUSR2" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:185 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:197 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "sss_obfuscate" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "oscurecer un password en texto claro" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[CONTRASEÑA]</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" +"<command>sss_obfuscate</command> convierte una contraseña dada en un formato " +"no legible y la sitúa en la sección apropiada del dominio del fichero de " +"configuración SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" +"La contraseña en texto claro es leída desde la entrada estándar e " +"introducida interactivamente. La contraseña ofuscada se pone en el parámetro " +"<quote>ldap_default_authtok</quote> de un dominio SSSD dado y el parámetro " +"<quote>ldap_default_authtok_type</quote> se fija a " +"<quote>obfuscated_password</quote>. Vea <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> para más " +"detalles sobre estos parámetros." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" +"Por favor advierta que oscurecer la contraseña <emphasis>no suministra un " +"beneficio real de seguridad</emphasis> y es posible para un atacante " +"mediante ingeniería inversa volver atrás la contraseña. Se recomienda " +"<emphasis>firmemente</emphasis> el uso de mejores mecanismos de " +"autenticación como certificados en el lado cliente o GSSAPI." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "<option>-s</option>,<option>--stdin</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "La contraseña a oscurecer será leída desde la entrada estándar." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMINIO</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" +"El dominio SSSD en el que usar la contraseña. El nombre por defecto es " +"<quote>default</quote>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" +"<option>-f</option>,<option>--file</option> <replaceable>ARCHIVO</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" +"Lee el fichero de configuración especificado por el parámetro posicional." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "Predeterminado: <filename>/etc/sssd/sssd.conf</filename>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +#, fuzzy +#| msgid "sss_userdel" +msgid "sss_override" +msgstr "sss_userdel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +#, fuzzy +#| msgid "" +#| "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +#| "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#| "arg>" +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:50 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:52 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:59 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:70 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:78 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:83 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:92 +#, fuzzy +#| msgid "" +#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +#| "replaceable>" +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMINIO</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:97 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:105 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:110 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:116 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:121 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:126 +msgid "original_name:name:uid:gid:gecos:home:shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:138 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:141 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:147 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:152 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:160 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:167 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:175 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:180 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:189 +#, fuzzy +#| msgid "" +#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +#| "replaceable>" +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMINIO</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:194 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:202 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:207 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:213 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:218 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:223 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:235 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:238 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:244 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:249 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:259 +#, fuzzy +#| msgid "SUDO OPTIONS" +msgid "COMMON OPTIONS" +msgstr "OPCIONES SUDO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:261 +#, fuzzy +#| msgid "This option is not available in IPA provider." +msgid "Those options are available with all commands." +msgstr "Esta opción no está disponible en el proveedor IPA." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:266 +#, fuzzy +#| msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_useradd.8.xml:10 sss_useradd.8.xml:15 +msgid "sss_useradd" +msgstr "sss_useradd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_useradd.8.xml:16 +msgid "create a new user" +msgstr "Crea un nuevo usuario" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_useradd.8.xml:21 +msgid "" +"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" +"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_useradd.8.xml:32 +msgid "" +"<command>sss_useradd</command> creates a new user account using the values " +"specified on the command line plus the default values from the system." +msgstr "" +"<command>sss_useradd</command> crea una nueva cuenta de usuario usando los " +"valores especificados en la línea de comandos más los valores por defecto " +"del sistema." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:43 sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:48 +msgid "" +"Set the UID of the user to the value of <replaceable>UID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" +"Fija la UID del usuario al valor de <replaceable>UID</replaceable>. Si no se " +"da, se elige automáticamente." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMENTARIO</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" +"Cualquier cadena de texto describiendo al usuario. Frecuentemente se usa " +"como el campo para el nombre completo del usuario." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:72 +msgid "" +"The home directory of the user account. The default is to append the " +"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " +"that as the home directory. The base that is prepended before " +"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" +"baseDirectory</quote> setting in sssd.conf." +msgstr "" +"El directorio home de la cuenta de usuario. Por defecto se añade el nombre " +"<replaceable>LOGIN</replaceable> a <filename>/home</filename> y utiliza esto " +"como directorio home. La base de que se antepondrá antes <replaceable>LOGIN</" +"replaceable> es sintonizable con el ajuste <quote>user_defaults/" +"baseDirectory</quote> en sssd.conf." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:87 +msgid "" +"The user's login shell. The default is currently <filename>/bin/bash</" +"filename>. The default can be changed with <quote>user_defaults/" +"defaultShell</quote> setting in sssd.conf." +msgstr "" +"La shell de acceso del usuario. Por defecto es actualmente <filename>/bin/" +"bash</filename>. El valor por defecto puede ser cambiado con el ajuste " +"<quote>user_defaults/defaultShell</quote> en sssd.conf." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:96 +msgid "" +"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" +"<option>-G</option>,<option>--groups</option> <replaceable>GRUPOS</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:101 +msgid "A list of existing groups this user is also a member of." +msgstr "" +"Una lista de grupos existentes de los que el usuario también es miembro." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:107 +msgid "<option>-m</option>,<option>--create-home</option>" +msgstr "<option>-m</option>,<option>--create-home</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:111 +msgid "" +"Create the user's home directory if it does not exist. The files and " +"directories contained in the skeleton directory (which can be defined with " +"the -k option or in the config file) will be copied to the home directory." +msgstr "" +"Crea el directorio home del usuario si no existe. Los ficheros y directorios " +"contenidos en el directorio esqueleto (que pueden ser definidos con la " +"opción –k o en el fichero de configuración) serán copiados en el directorio " +"home." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:121 +msgid "<option>-M</option>,<option>--no-create-home</option>" +msgstr "<option>-M</option>,<option>--no-create-home</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:125 +msgid "" +"Do not create the user's home directory. Overrides configuration settings." +msgstr "" +"No se crear el directorio principal del usuario. Reemplaza los valores de " +"configuración." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:132 +msgid "" +"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +"replaceable>" +msgstr "" +"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:137 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<command>sss_useradd</command>." +msgstr "" +"El directorio esqueleto, que contiene ficheros y directorios a copiar en el " +"directorio home del usuario, cuando el directorio home es creado por " +"<command>sss_useradd</command>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:143 +msgid "" +"Special files (block devices, character devices, named pipes and unix " +"sockets) will not be copied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:147 +msgid "" +"This option is only valid if the <option>-m</option> (or <option>--create-" +"home</option>) option is specified, or creation of home directories is set " +"to TRUE in the configuration." +msgstr "" +"Esta opción sólo es válida si se ha especificado la opción <option>-m</" +"option> (o <option>--create-home</option>), o la creación de directorios " +"home está fijada a TRUE en la configuración." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:156 sss_usermod.8.xml:124 +msgid "" +"<option>-Z</option>,<option>--selinux-user</option> " +"<replaceable>SELINUX_USER</replaceable>" +msgstr "" +"<option>-Z</option>,<option>--selinux-user</option> " +"<replaceable>SELINUX_USER</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:161 +msgid "" +"The SELinux user for the user's login. If not specified, the system default " +"will be used." +msgstr "" +"El usuario SELinux para el acceso de usuario. Si no se especifica, se usará " +"el valor por defecto del sistema." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "sssd-krb5" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" +"Esta página de manual describe la configuración del motor de autenticación " +"de Kerberos 5 para <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. Para una referencia detallada de " +"la sintaxis, por favor vea la sección <quote>FORMATO DE ARCHIVO</quote> de " +"la página de manual de <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" +"El motor de autenticaciónd e Kerberos 5 contiene proveedores auth y chpass. " +"Debe ir junto con un proveedor de identidad para que funcione adecuadamente " +"(por ejemplo, id_provider = ldap). Algo de información requerida por el " +"motor de autenticación de Kerberos 5 debe ser provista por el proveedor de " +"identidad, tal como el Nombre Principal del usuario de Kerberos (NPU). La " +"configuración del proveedor de identidad debe tener una entrada específica " +"para el NPU. Por favor, vea la página del manual para el proveedor de " +"identidad aplicable, para más detalles sobre cómo configurar esto." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>.k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" +"Este motor también provee control de acceso basado en el archivo .k5login en " +"el directorio de inicio del usuario. Vea <citerefentry> <refentrytitle>." +"k5login</refentrytitle><manvolnum>5</manvolnum> </citerefentry> para más " +"detalles. Por favor, observe que un archivo .k5login vacío negará todo el " +"acceso a este usaurio. Para activar esta característica, use " +"'access_provider = krb5' en su configuración de SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" +"En el caso de que el NPU no esté disponible en el motor de identidad, " +"<command>sssd</command> construirá un NPU usando el formato " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" +"Especifica una lista separada por comas de direcciones IP o nombres de host " +"de los servidores Kerberos a los cuales se conectaría SSSD en orden de " +"preferencia. Para más información sobre failover y redundancia de servidor, " +"vea la sección <quote>FAILOVER</quote>. Un número de puerto opcional " +"(precedido de dos puntos) puede ser añadido a las direcciones o nombres de " +"host. Si está vacío, el servicio descubridor está habilitado; para más " +"información, vea la sección <quote>SERVICE DISCOVERY</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" +"El nombre del reino Kerberos. Esta opción se requiere y debe ser " +"especificada." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "krb5_kpasswd, krb5_backup_kpasswd (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" +"Si el servicio de cambio de contraseña no está corriendo en el KDC, se " +"pueden definir aquí servidores alternativos. Un número de puerto opcional " +"(precedido de dos puntos) debe ser añadido a las direcciones o nombres de " +"host." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" +"Para más información sobre recuperación de fallos y redundancia de servidor, " +"consulte la sección de <quote>conmutación por error</quote>. Nota: incluso " +"si no hay más servidores kpasswd para intentar, y el punto final no está " +"conmutado para trabajar fuera de línea la autenticación contra el KDC es " +"todavía posible." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "Predeterminado: Use the KDC" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "krb5_ccachedir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "Predeterminado: /tmp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "krb5_ccname_template (string)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "%u" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "nombre de acceso" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "%U" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "UID de acceso" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "%p" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "nombre principal" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "%r" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "nombre de reino" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 +msgid "%h" +msgstr "%h" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108 +msgid "home directory" +msgstr "directorio home" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "%d" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:27 +msgid "%P" +msgstr "%P" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:45 +msgid "%%" +msgstr "%%" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:46 +msgid "a literal '%'" +msgstr "un literal ‘%’" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_auth_timeout (integer)" +msgstr "krb5_auth_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:257 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:272 +msgid "krb5_keytab (string)" +msgstr "krb5_keytab (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:275 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" +"La localización de la keytab a usar cuando son obtenidas credenciales " +"validadas desde KDCs." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:279 +msgid "Default: /etc/krb5.keytab" +msgstr "Predeterminado: /etc/krb5.keytab" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:285 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "krb5_store_password_if_offline (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:288 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:293 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:306 +msgid "krb5_renewable_lifetime (string)" +msgstr "krb5_renewable_lifetime (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:309 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:351 sssd-krb5.5.xml:388 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:320 sssd-krb5.5.xml:354 sssd-krb5.5.xml:391 +msgid "<emphasis>h</emphasis> for hours" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:323 sssd-krb5.5.xml:357 sssd-krb5.5.xml:394 +msgid "<emphasis>d</emphasis> for days." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:326 sssd-krb5.5.xml:397 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:330 sssd-krb5.5.xml:401 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:335 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "Por defecto: no fijado, esto es el TGT no es renovable" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:341 +msgid "krb5_lifetime (string)" +msgstr "krb5_lifetime (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:344 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:360 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:364 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:369 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" +"Por defecto: no fijado, esto es el tiempo de vida de la entrada por defecto " +"configurado en el KDC." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:376 +msgid "krb5_renew_interval (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:379 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:406 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:424 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:428 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:438 +msgid "Default: not set, i.e. FAST is not used." +msgstr "Por defecto: no fijado, esto es no se usa FAST." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "NOTE: a keytab is required to use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:453 +msgid "krb5_fast_principal (string)" +msgstr "krb5_fast_principal (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:456 +msgid "Specifies the server principal to use for FAST." +msgstr "Especifica el servidor principal para usar por FAST." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:465 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:514 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:520 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:523 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:535 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:540 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:566 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:574 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 +msgid "sss_groupadd" +msgstr "sss_groupadd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupadd.8.xml:16 +msgid "create a new group" +msgstr "Crea un nuevo grupo" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupadd.8.xml:21 +msgid "" +"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GRUPO</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupadd.8.xml:32 +msgid "" +"<command>sss_groupadd</command> creates a new group. These groups are " +"compatible with POSIX groups, with the additional feature that they can " +"contain other groups as members." +msgstr "" +"<command>sss_groupadd</command> cre un nuevo grupo. Estos grupos son " +"compatibles con grupos POXIS, con la característica adicional que pueden " +"contener otros grupos como miembros." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupadd.8.xml:43 sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupadd.8.xml:48 +msgid "" +"Set the GID of the group to the value of <replaceable>GID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" +"Fija el GID del grupo al valor de <replaceable>GID</replaceable>. Si no se " +"da, se elige automáticamente." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_userdel.8.xml:10 sss_userdel.8.xml:15 +msgid "sss_userdel" +msgstr "sss_userdel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_userdel.8.xml:16 +msgid "delete a user account" +msgstr "eliminar una cuenta de usuario" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_userdel.8.xml:21 +msgid "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_userdel.8.xml:32 +msgid "" +"<command>sss_userdel</command> deletes a user identified by login name " +"<replaceable>LOGIN</replaceable> from the system." +msgstr "" +"<command>sss_userdel</command> borra del sistema un usuario identificado por " +"su nombre de acceso <replaceable>LOGIN</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:44 +msgid "<option>-r</option>,<option>--remove</option>" +msgstr "<option>-r</option>,<option>--remove</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:48 +msgid "" +"Files in the user's home directory will be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" +"Los ficheros en el directorio home del usuario serán borrados así como el " +"directorio home mismo y el buzón de correo del usuario. Reescribe la " +"configuración." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:56 +msgid "<option>-R</option>,<option>--no-remove</option>" +msgstr "<option>-R</option>,<option>--no-remove</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:60 +msgid "" +"Files in the user's home directory will NOT be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" +"Los ficheros en el directorio home del usuario NO serán borrados así como el " +"directorio home mismo y el buzón de correo del usuario. Reescribe la " +"configuración." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:68 +msgid "<option>-f</option>,<option>--force</option>" +msgstr "<option>-f</option>,<option>--force</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:72 +msgid "" +"This option forces <command>sss_userdel</command> to remove the user's home " +"directory and mail spool, even if they are not owned by the specified user." +msgstr "" +"Esta opción fuerza a <command>sss_userdel</command> a borrar el directorio " +"home del usuario y el buzón de correo, aunque no sea propiedad del usuario " +"especificado." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:80 +msgid "<option>-k</option>,<option>--kick</option>" +msgstr "<option>-k</option>,<option>--kick</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:84 +msgid "Before actually deleting the user, terminate all his processes." +msgstr "Antes de realmente eliminar al usuario, terminar todos sus procesos." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 +msgid "sss_groupdel" +msgstr "sss_groupdel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupdel.8.xml:16 +msgid "delete a group" +msgstr "eliminar un grupo" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupdel.8.xml:21 +msgid "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GRUPO</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupdel.8.xml:32 +msgid "" +"<command>sss_groupdel</command> deletes a group identified by its name " +"<replaceable>GROUP</replaceable> from the system." +msgstr "" +"<command>sss_groupdel</command> borra del sistema un grupo identificado por " +"su nombre <replaceable>GROUP</replaceable>." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 +msgid "sss_groupshow" +msgstr "sss_groupshow" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupshow.8.xml:16 +msgid "print properties of a group" +msgstr "imprime las propiedades de un grupo" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupshow.8.xml:21 +msgid "" +"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GRUPO</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupshow.8.xml:32 +msgid "" +"<command>sss_groupshow</command> displays information about a group " +"identified by its name <replaceable>GROUP</replaceable>. The information " +"includes the group ID number, members of the group and the parent group." +msgstr "" +"<command>sss_groupshow</command> muestra información sobre un grupo " +"identificado por su nombre <replaceable>GROUP</replaceable>. La información " +"incluye el número de ID del grupo, miembros del grupo y padres del grupo." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupshow.8.xml:43 +msgid "<option>-R</option>,<option>--recursive</option>" +msgstr "<option>-R</option>,<option>--recursive</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupshow.8.xml:47 +msgid "" +"Also print indirect group members in a tree-like hierarchy. Note that this " +"also affects printing parent groups - without <option>R</option>, only the " +"direct parent will be printed." +msgstr "" +"También imprime miembros indirectos del grupo en una jerarquía de árbol. " +"Advierta que esto también afecta a la impresión de los grupos padres – sin " +"<option>R</option>,, sólo se imprimirá los padres directos." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_usermod.8.xml:10 sss_usermod.8.xml:15 +msgid "sss_usermod" +msgstr "sss_usermod" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_usermod.8.xml:16 +msgid "modify a user account" +msgstr "Modifica una cuenta de usuario" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_usermod.8.xml:21 +msgid "" +"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" +"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_usermod.8.xml:32 +msgid "" +"<command>sss_usermod</command> modifies the account specified by " +"<replaceable>LOGIN</replaceable> to reflect the changes that are specified " +"on the command line." +msgstr "" +"<command>sss_usermod</command> modifica la cuenta especificada por " +"<replaceable>LOGIN</replaceable> para reflejar los cambios que se han " +"especificado en la línea de comando." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:60 +msgid "The home directory of the user account." +msgstr "El directorio principal de la cuenta de usuario." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:71 +msgid "The user's login shell." +msgstr "Shell de inicio de sesión del usuario." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:82 +msgid "" +"Append this user to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" +"Añade este usuario a los grupos especificados por el parámetro " +"<replaceable>GROUPS</replaceable>. El parámetro <replaceable>GROUPS</" +"replaceable> es una lista separada por comas de nombres de grupo." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:96 +msgid "" +"Remove this user from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" +"Borrar este usuario de los grupos especificados por el parámetro " +"<replaceable>GROUPS</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:103 +msgid "<option>-l</option>,<option>--lock</option>" +msgstr "<option>-l</option>,<option>--lock</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:107 +msgid "Lock the user account. The user won't be able to log in." +msgstr "Bloquea la cuenta de usuario. El usuario no será capaz de acceder." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:114 +msgid "<option>-u</option>,<option>--unlock</option>" +msgstr "<option>-u</option>,<option>--unlock</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:118 +msgid "Unlock the user account." +msgstr "Desbloquea la cuenta de usuario." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:129 +msgid "The SELinux user for the user's login." +msgstr "El usuario SELinux para el acceso del usuario." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:135 +msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:140 +msgid "Add an attribute/value pair. The format is attrname=value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:147 +msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:152 +msgid "" +"Set an attribute to a name/value pair. The format is attrname=value. For " +"multi-valued attributes, the command replaces the values already present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:160 +msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:165 +msgid "Delete an attribute/value pair. The format is attrname=value." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "sss_cache" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "lleva a cabo la limpieza del escondrijo" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online." +msgstr "" +"<command>sss_cache</command> invalida resgistros en el escondrijo SSSD. Los " +"registros invalidados son forzados a recargarse desde el servidor tan pronto " +"como el punto final SSSD relacionado está en línea." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:42 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:46 +msgid "Invalidate all cached entries except for sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:52 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:57 +msgid "Invalidate specific user." +msgstr "Invalida el usuario específico." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:63 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "<option>-U</option>,<option>--users</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:67 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" +"Invalida todos los registros de usuario. Esta opción anula la invalidación " +"de usuario específico si también está fijada." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:74 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:79 +msgid "Invalidate specific group." +msgstr "Invalida grupo específico." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:85 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "<option>-G</option>,<option>--groups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:89 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" +"Invalida todos los registros de grupo. Esta opción anula la invalidación de " +"grupo específico si también está fijada." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:96 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:101 +msgid "Invalidate specific netgroup." +msgstr "Invalida grupo de red específico." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:107 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "<option>-N</option>,<option>--netgroups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:111 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" +"Invalida todos los registros de grupo de red. Esta opción anula la " +"invalidación de grupo de red específico si también está fijada." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:118 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:123 +msgid "Invalidate specific service." +msgstr "Invalida servicio específico" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:129 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "<option>-S</option>,<option>--services</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:133 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" +"Invalida todos los archivos de servicio. Esta opción anula la invalidación " +"de servicio específico si también fue fijada." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:140 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:145 +msgid "Invalidate specific autofs maps." +msgstr "Invalida mapas específicos autofs." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:151 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "<option>-A</option>,<option>--autofs-maps</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:155 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" +"Invalida todos los mapas autofs. Esta opción anula la invalidación de mapa " +"específico si fue fijada." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:162 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:167 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:173 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:177 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:185 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:190 +msgid "Restrict invalidation process only to a particular domain." +msgstr "Restringe el proceso de invalidación sólo a un dominio concreto." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "sss_debuglevel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "change debug level while SSSD is running" +msgstr "cambia el nivel de depuración mientras SSSD está corriendo" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> changes debug level of SSSD monitor and " +"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " +"running." +msgstr "" +"<command>sss_debuglevel</command> cambia el nivel de depuración del monitor " +"y proveedores SSSD a <replaceable>NEW_DEBUG_LEVEL</replaceable> mientras " +"SSSD está corriendo." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_debuglevel.8.xml:59 +msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" +msgstr "<replaceable>NEW_DEBUG_LEVEL</replaceable>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "sss_seed" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "alimenta el cache SSSD con un usuario" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" +"<command>sss_seed</command> alimenta el cache SSSD con una entrada de " +"usuario y una contresañe temporal. Si una entrada de usuario está ya " +"presente en el cache SSSD la entrada se actualiza con la contraseña temporal" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" +"Suministra el nombre del dominio del que el usuario es miembro. El dominio " +"también se usa para recuperar información del usuario. El dominio debe estar " +"configurado en sssd.conf. La opción <replaceable>DOMAIN</replaceable> debe " +"ser suministrada. La información recuperada del dominio anula la que se ha " +"suministrado en las opciones." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" +"El nombre de usuario de la entrada a ser creado o modificado en el cache. Se " +"debe suministrar la opción <replaceable>USER</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "Fija la UID del usuario a <replaceable>UID</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "Fija la GID del usuario a <replaceable>GID</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" +"Fija el directorio home del usuario a <replaceable>HOME_DIR</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" +"Fija la shell de acceso del usuario a <replaceable>SHELL</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" +"Modo interactivo de introducir información del usuario. Esta opción sólo " +"preguntará por la información no suministrada en las opciones o recuperada " +"del dominio." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" +"Especifica el fichero desde donde leer la contraseña del usuario (si no se " +"especifica se pregunta por la contraseña)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" +"La longitud de la contraseña (o el tamaño especificado con la opción -p or --" +"password-file) debe ser menos o igual a PASS_MAX bytes ( 64 bytes en " +"sistemas sin valor PASS_MAX globalmente definido)." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:46 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:53 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:59 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:63 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:77 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:91 +msgid "name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:92 +msgid "user's login name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:95 +msgid "uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:96 +msgid "user ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:99 +msgid "gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:100 +msgid "primary group ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:103 +msgid "gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:104 +msgid "user information, typically full name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:81 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:125 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:117 +msgid "" +"It is possible to add another attribute to this set by using <quote>" +"+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:129 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:139 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:144 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "VEA TAMBIEN" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "sss_ssh_authorizedkeys" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "1" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "obtiene las claves OpenSSH autorizadas" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" +"<command>sss_ssh_authorizedkeys</command> adquiere la clave pública SSH para " +"el usuario <replaceable>USER</replaceable> y las saca en formato de claves " +"autorizadas OpenSSH (vea la sección <quote>AUTHORIZED_KEYS FILE FORMAT</" +"quote> de <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> para más información)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" +"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> options." +msgstr "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> puede ser configurado para usar " +"<command>sss_ssh_authorizedkeys</command> para autenticación de la clave " +"pública del usuario si está compilado para soporte de " +"<quote>AuthorizedKeysCommand</quote> o de <quote>PubkeyAgent</quote> " +"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> options." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:58 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:51 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:70 +#, no-wrap +msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" +msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:63 +msgid "" +"If <quote>PubkeyAgent</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by using the following directive " +"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" +"Si se soporta <quote>PubkeyAgent</quote>, <citerefentry><refentrytitle>sshd</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry> puede ser configurado " +"para usarlo utilizando la siguiente directiva para <citerefentry> " +"<refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> " +"configuration: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:85 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" +"Busca las claves públicas del usuario en el dominio SSSD " +"<replaceable>DOMAIN</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92 +msgid "EXIT STATUS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "sss_ssh_knownhostsproxy" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "obtiene las claves OpenSSH del host" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and estabilishes connection to the host." +msgstr "" +"<command>sss_ssh_knownhostsproxy</command> adquiere las claves públicas SSH " +"del host para el host <replaceable>HOST</replaceable>, las almacena en un " +"fichero personal OpenSSH conocido por el host (vea la sección " +"<quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> de " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> para más información) <filename>/var/lib/sss/pubconf/" +"known_hosts</filename> y establece la conexión al host." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" +"Si se especifica <replaceable>PROXY_COMMAND</replaceable>, se usa para crear " +"la conexión al host en lugar de abrir un socket." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> puede ser configurado para usar " +"<command>sss_ssh_knownhostsproxy</command> para autenticación de la clave " +"del host usando las siguientes directivas <citerefentry><refentrytitle>ssh</" +"refentrytitle> <manvolnum>1</manvolnum></citerefentry> configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/> " + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" +"Usa el puerto <replaceable>PORT</replaceable> para conectar al host. Por " +"defecto, el puerto usado es el 22." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" +"Busca las claves públicas del host en el dominio SSSD <replaceable>DOMAIN</" +"replaceable>." + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "SERVICIO DE DESCUBRIMIENTO" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" +"La función servicio descubridor permite a los puntos finales encontrar " +"automáticamente los servidores apropiados a conectar para usar una pregunta " +"especial al DNS. Esta función no está soportada por los servidores de " +"respaldo." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "Configuración" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" +"Si no se especifican servidores, el punto final usar automáticamente el " +"servicio descubridor para intentar encontrar un servidor. Opcionalmente, el " +"usuario puede elegir utilizar tanto las direcciones de servidor fijadas como " +"el servicio descubridor para insertar una palabra clave especial, " +"<quote>_srv_</quote>, en la lista de servidores. El orden de preferencia se " +"mantiene. Esta función es útil sí, por ejemplo, el usuario prefiere usar el " +"servicio descubridor siempre que sea posible, el volver a un servidor " +"específico cuando no se pueden descubrir servidores usando DNS." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "El nombre de dominio" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" +"Por favor vea el parámetro <quote>dns_discovery_domain</quote> en la página " +"de manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> para más detalles." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "El protocolo" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" +"Las consultas normalmente especifican _tcp como protocolo. Las excepciones " +"se documentan en la descripción de la opción respectiva." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "Vea también" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" +"Para más información sobre el mecanismo del servicio descubridor, vea el RFC " +"2782." + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "CONMUTACIÓN POR ERROR" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" +"La función conmutación en error permite a los finales conmutar " +"automáticamente a un servidor diferente si el servidor actual falla." + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "Sintaxis de conmutación por error" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" +"La lista de servidores se da como una lista separada por comas; se permite " +"cualquier número de espacios a los lados de la coma. Los servidores son " +"listados en orden de preferencia. La lista puede contener cualquier número " +"de servidores." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "" +"El mecanismo de conmutación por errorEl mecanismo de failover distingue " +"entre una máquina y un servicio. El punto final intenta primero resolver el " +"nombre de host de una máquina dada; si el intento de resolución falla, la " +"máquina es considerada fuera de línea. No se harán más intentos de conexión " +"con esta máquina para ningún otro servicio. Si el intento de resolución " +"tiene éxito, el punto final intenta conectar a un servicio en esa máquina. " +"Si el intento de conexión al servicio falla, entonces sólo se considera " +"fuera de línea este servicio concreto y el punto final conmutará " +"automáticamente sobre el siguientes servicio. La máquina se considera que " +"sigue en línea y se puede intentar el acceso a otros servicios." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" +"El mecanismo de conmutación por error distingue entre una máquina y un " +"servicio. El punto final intenta primero resolver el nombre de host de una " +"máquina dada; si el intento de resolución falla, la máquina es considerada " +"fuera de línea. No se harán más intentos de conexión con esta máquina para " +"ningún otro servicio. Si el intento de resolución tiene éxito, el punto " +"final intenta conectar a un servicio en esa máquina. Si el intento de " +"conexión al servicio falla, entonces sólo se considera fuera de línea este " +"servicio concreto y el punto final conmutará automáticamente sobre el " +"siguientes servicio. La máquina se considera que sigue en línea y se puede " +"intentar el acceso a otros servicios." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" +"Los intentos de conexión adicionales son hechos a máquinas o servicios " +"marcaros como fuera de línea después de un período de tiempo especificado; " +"esto está codificado a fuego actualmente en 30 segundos." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" +"Si no hay más máquinas para intentarlo, el punto final al completo conmutará " +"al modo fuera de línea y después intentará reconectar cada 30 segundo." + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "ASIGNACIÓN DE ID" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" +"La función asignación de ID permite a SSSD actuar como un cliente de Active " +"Directory sin requerir de administradores para extender los atributos de " +"usuario para soportar atributos POSIX para los identificadores de usuario y " +"grupo." + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" +"NOTA: Cuando asignación de ID está habilitado, los atributos uidNumber y " +"gidNumber son ignorados. Esto es para evitar la posibilidad de conflictos " +"entre los valores automáticamente asignados y los asignados manualmente. Si " +"usted necesita usar los valore asignados manualmente, TODOS los valores " +"deben ser asignados manualmente." + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "Algoritmo de asignación" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" +"Active Directory suministra un objectSID para cada objeto usuario y grupo en " +"el directorio. El objectSID puede ser dividido en componente que representan " +"la identidad del dominio Active Directory y le identificador relativo (RID) " +"del objeto usuario y grupo." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" +"El algoritmo de asignación de ID de SSSD tiene un rango de UIDs disponibles " +"y lo divide en secciones componente de igual tamaño – llamadas “rebanadas” " +"-. Cada rebanada representa el espacio disponible para un dominio Active " +"Directory." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" +"Cuando se encuentra por primera vez una entrada de usuario o grupo para un " +"dominio concreto, SSSD asigna una de las rebanadas disponibles para ese " +"dominio. Con el objetivo de hacer esta asignación de rebanadas repetible " +"sobre diferentes máquinas clientes, seleccionamos la rebanada en base al " +"siguiente algoritmo:" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" +"La cadena SID pasada a través del algoritmo murmurhash3 para convertirlo en " +"un valor picado de 32 bit. Después tomamos los módulos de este valor con el " +"número total de rebanadas disponibles para recoger la rebanada." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" +"NOTA: Es posible encontrar colisiones en el picadillo y los módulos " +"subsiguientes. En estas situaciones, seleccionaremos la siguiente rebanada " +"disponible, pero puede no ser posible reproducir los mismos conjuntos " +"exactos de rebanadas sobre otras máquinas (puesto que el orden en que se " +"encuentren desterminará sus rebanadas). En esta situación, se recomienda o " +"bien conmutar para usar los atributos explícitos POSIX en Active Directory " +"(deshabilitando la asignación de ID) o configurar un dominio por defecto " +"para garantizar que al menos uno sea siempre consistente. Vea " +"<quote>Configuración</quote> para detalles." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" +"Configuración mínima (en la sección <quote>[domain/DOMAINNAME]</quote>):" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "ldap_id_mapping = True ldap_schema = ad \n" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 10,001 and going up to " +"2,000,100,000. This should be sufficient for most deployments." +msgstr "" +"La configuración por defecto resulta en la configuración de 10.000 " +"rebanadas, cada una capaz de sostener 200.000 IDs empezando por 10.001 y " +"yendo hasta 2.000.100.000. Esto debería ser suficiente para la mayoría de " +"los despliegues." + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "Configuración Avanzada" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "ldap_idmap_range_min (entero)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" +"Especifica el límite inferior del rango de IDs POXIS a usar para la " +"asignación de SIDs de usuario y grupo de Active Directory." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:127 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" +"NOTA: Esta opción es diferente de <quote>min_id</quote> en esta " +"<quote>min_id</quote> actúa para filtrar la salida de las peticiones a este " +"dominio, mientras esta opción controla el rango de la asignación de ID. Esto " +"es una sutil diferencia, pero el buen consejo general sería que " +"<quote>min_id</quote> fuera menor o igual que <quote>ldap_idmap_range_min</" +"quote>" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191 +msgid "Default: 200000" +msgstr "Por defecto: 200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:142 +msgid "ldap_idmap_range_max (integer)" +msgstr "ldap_idmap_range_max (entero)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:145 +msgid "" +"Specifies the upper bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" +"Especifica el límite superior del rango de IDs POXIS a usar para la " +"asignación de SIDs de usuario y grupo por Active Directory." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:149 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" +"NOTA: Esta opción es diferente de <quote>max_id</quote> en esta " +"<quote>max_id</quote> actúa para filtrar la salida de las peticiones a este " +"dominio, mientras esta opción controla el rango de la asignación de ID. Esto " +"es una sutil diferencia, pero el buen consejo general sería que " +"<quote>max_id</quote> fuera menor o igual que <quote>ldap_idmap_range_max</" +"quote>" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:159 +msgid "Default: 2000200000" +msgstr "Por defecto: 2000200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:164 +msgid "ldap_idmap_range_size (integer)" +msgstr "ldap_idmap_range_size (entero)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:167 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" +"Especifica el número de IDs disponibles para cada rebanada. Si el rango no " +"se divide de forma igual entre los valores mínimo y máximo, creará tantas " +"rebanadas completas como sea posible." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:186 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:196 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "ldap_idmap_default_domain_sid (cadena)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:199 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" +"Especifica el SID de dominio del dominio por defecto. Esto garantizará que " +"este dominio será asignado siempre a la rebanada cero en el mapa de ID, " +"sobrepasando el algoritmo murmurhash descrito arriba." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:210 +msgid "ldap_idmap_default_domain (string)" +msgstr "ldap_idmap_default_domain (cadena)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:213 +msgid "Specify the name of the default domain." +msgstr "Especifica el nombre del dominio por defecto." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:221 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "ldap_idmap_autorid_compat (booleano)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:224 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" +"Cambia el comportamiento del algoritmo de asignación de id para que se " +"comporte de un modo más similar al algoritmo <quote>idmap_autorid</quote> de " +"winbind." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:229 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monatomically with each additional domain." +msgstr "" +"Cuando esta opción está configurada, los dominios serán asignados empezando " +"con la rebanada cero e incrementándose de uno en uno con cada dominio " +"adicional." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:234 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" +"NOTA: Este algoritmo no es determinista (depende del orden en que usuario y " +"grupos son pedidos). Si se requiere este modo para compatibilidad con " +"máquinas que ejecutan winbind, se recomienda que también use la opción " +"<quote>ldap_idmap_default_domain_sid</quote> para garantizar que al menos un " +"dominio está asignado consistentemente a la rebanada cero." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:249 +#, fuzzy +#| msgid "ldap_idmap_range_size (integer)" +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "ldap_idmap_range_size (entero)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:252 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:256 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:273 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:275 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:284 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:285 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:286 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:287 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:288 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:289 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:291 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:295 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT " +"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain " +"names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "<option>-?</option>,<option>--help</option>" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "Muestra mensaje de ayuda y sale." + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "<option>-h</option>,<option>--help</option>" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 +msgid "Currently supported debug levels:" +msgstr "Niveles de depuración actualmente soportados:" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill the SSSD, but one that indicates that at least one " +"major feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:85 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" +"<emphasis>Ejemplo</emphasis>: Para registrar fallos fatales, críticos y " +"serios y datos de función use 0x0270." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:89 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" +"<emphasis>Example</emphasis>: Para registrar fallos fatales, ajustes de " +"configuración, datos de función, mensajes de traza para funciones de control " +"interno use 0x1310." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:94 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:98 +msgid "<emphasis>Default</emphasis>: 0" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/experimental.xml:1 +msgid "" +"<emphasis> This is an experimental feature, please use http://fedorahosted." +"org/sssd to report any issues. </emphasis>" +msgstr "" +"<emphasis> Este es una función experimental, por favor utilice http://" +"fedorahosted.org/sssd para reportar cualquier cuestión. </emphasis>" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "EL DOMINIO LOCAL" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" +"Con el objetivo de que funcione correctamente, se debe crear un dominio con " +"<quote>id_provider=local</quote> y el SSSD debe estar corriendo." + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" +"El administrador puede desear usar los usuarios locales SSSD en lugar de los " +"usuarios tradicionales UNIX en los casos donde los grupos anidados (vea " +"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>) sean necesarios. Los usuarios locales son " +"también útiles para la prueba y el desarrollo del SSSD sin tener que " +"desplegar un servidor remoto completo. Las herramientas <command>sss_user*</" +"command> y <command>sss_group*</command> usan un almacenamiento LDB local " +"para almacenar usuarios y grupos." + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " +"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" +"Una base DN opcional, alcance de la búsqueda y filtro LDAP para búsquedas " +"LDAP de este tipo de atributo." + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "" +"search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +"\n" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "sintaxis: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" +"Para ejemplos de esta sintaxis, por favor vea la sección de ejemplos de " +"<quote>ldap_search_base</quote>" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" +"Por favor advierta que especificar el alcance o el filtro no está soportado " +"para búsquedas contra un Active Directory Server que puede ceder un gran " +"número de resultados y disparar la extensión Range Retrieval en la respuesta." + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" +"Por favor advierta que el automontador sólo lee el mapa maestro en el " +"arranque, se modo que si se hace cualquier cambio relacionado con autofs al " +"sssd.conf, usted normalmente también necesitará reiniciar el demonio " +"automontador después de reiniciar el SSSD." + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "override_homedir (cadena)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "número UID" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "nombre de dominio" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "%f" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "nombre totalmente cualificado del usuario (user@domain)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:31 +msgid "%o" +msgstr "%o" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:33 +msgid "The original home directory retrieved from the identity provider." +msgstr "El directorio home original recuperado del proveedor de identidad." + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:38 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:40 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Anula el directorio home del usuario. Usted puede suministras bien un valor " +"absoluto o una plantilla. En la plantilla, serán sustituidas las siguientes " +"secuencias: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:52 +msgid "This option can also be set per-domain." +msgstr "Esta opción puede ser también fijada por dominio." + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:57 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:61 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "Por defecto: No fijado (SSSD usará el valor recuperado desde LDAP)" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "" + +#~ msgid "" +#~ "Please note that the default values correspond to the default schema " +#~ "which is RFC2307." +#~ msgstr "" +#~ "Por favor advierta que los valores por defecto corresponden al esquema " +#~ "por defecto del RFC2307." + +#~ msgid "Default: ou" +#~ msgstr "Por defecto: ou" --- sssd-1.13.4.orig/src/man/po/eu.po +++ sssd-1.13.4/src/man/po/eu.po @@ -0,0 +1,11305 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 1.12.90\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2016-04-13 16:30+0200\n" +"PO-Revision-Date: 2014-06-04 02:04-0400\n" +"Last-Translator: jhrozek <jhrozek@redhat.com>\n" +"Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/" +"eu/)\n" +"Language: eu\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Zanata 3.8.3\n" + +#. type: Content of: <reference><title> +#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 +#: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 +#: sss_override.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5 +#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 +#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5 +#: sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 +msgid "SSSD Manual pages" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 +msgid "sss_groupmod" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11 +#: sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +msgid "8" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupmod.8.xml:16 +msgid "modify a group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupmod.8.xml:21 +msgid "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 +#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 +#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 +#: sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 +#: sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 +#: sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21 +#: sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31 +msgid "DESCRIPTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupmod.8.xml:32 +msgid "" +"<command>sss_groupmod</command> modifies the group to reflect the changes " +"that are specified on the command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 +#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 +#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 +#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 +msgid "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:48 +msgid "" +"Append this group to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 +msgid "" +"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:62 +msgid "" +"Remove this group from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:10 sssd.conf.5.xml:16 +msgid "sssd.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 +#: sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +msgid "5" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 +#: sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +msgid "File Formats and Conventions" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:17 +msgid "the configuration file for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:21 +msgid "FILE FORMAT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:29 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:24 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:36 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:41 +msgid "" +"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:47 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:53 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:59 +msgid "GENERAL OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:61 +msgid "Following options are usable in more than one configuration sections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:65 +msgid "Options usable in all sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:69 +msgid "debug_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:73 +msgid "debug_timestamps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:76 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:81 sssd.conf.5.xml:634 sssd.conf.5.xml:1139 +#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464 +#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272 +#: sssd-ad.5.xml:799 sssd-ad.5.xml:918 sssd-krb5.5.xml:499 +msgid "Default: true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:86 +msgid "debug_microseconds (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:89 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:94 sssd.conf.5.xml:1093 sssd.conf.5.xml:2231 +#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558 +#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139 +#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266 +#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 +msgid "Default: false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2189 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:103 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:107 +msgid "timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:110 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:115 sssd.conf.5.xml:1057 sssd-ldap.5.xml:1410 +#: include/ldap_id_mapping.xml:264 +msgid "Default: 10" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:125 +msgid "SPECIAL SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:128 +msgid "The [sssd] section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:137 sssd.conf.5.xml:2339 +msgid "Section parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:139 +msgid "config_file_version (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:142 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:148 +msgid "services" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:151 +msgid "" +"Comma separated list of services that are started when sssd itself starts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:155 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" +"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" +"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:165 sssd.conf.5.xml:419 +msgid "reconnection_retries (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:168 sssd.conf.5.xml:422 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:173 sssd.conf.5.xml:427 +msgid "Default: 3" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:178 +msgid "domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:181 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter described the list of domains in the order you want " +"them to be queried. A domain name should only consist of alphanumeric ASCII " +"characters, dashes, dots and underscores." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:193 sssd.conf.5.xml:2014 +msgid "re_expression (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:201 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN " +"SECTIONS for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:210 sssd.conf.5.xml:2065 +msgid "full_name_format (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:213 sssd.conf.5.xml:2068 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:224 sssd.conf.5.xml:2079 +msgid "%1$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:225 sssd.conf.5.xml:2080 +msgid "user name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:228 sssd.conf.5.xml:2083 +msgid "%2$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:231 sssd.conf.5.xml:2086 +msgid "domain name as specified in the SSSD config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:237 sssd.conf.5.xml:2092 +msgid "%3$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:240 sssd.conf.5.xml:2095 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:221 sssd.conf.5.xml:2076 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:250 +msgid "" +"Each domain can have an individual format string configured. see DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:256 +msgid "try_inotify (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:259 +msgid "" +"SSSD monitors the state of resolv.conf to identify when it needs to update " +"its internal DNS resolver. By default, we will attempt to use inotify for " +"this, and will fall back to polling resolv.conf every five seconds if " +"inotify cannot be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:267 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:273 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:277 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:284 +msgid "krb5_rcache_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:287 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:291 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:297 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:312 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:317 +msgid "default_domain_suffix (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:320 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:330 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498 +#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:609 +#: sssd-ad.5.xml:679 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550 +#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216 +msgid "Default: not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:344 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:347 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:356 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:364 +msgid "Default: not set (spaces will not be replaced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:369 +msgid "certificate_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:377 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:379 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:389 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "Default: not set, i.e. do not restrict certificate vertification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:130 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:404 +msgid "SERVICES SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:406 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:413 +msgid "General service configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:415 +msgid "These options can be used to configure any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:432 +msgid "fd_limit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:435 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:444 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:449 +msgid "client_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:452 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:459 sssd.conf.5.xml:475 sssd.conf.5.xml:507 +#: sssd.conf.5.xml:765 sssd.conf.5.xml:957 sssd.conf.5.xml:1347 +#: sssd-ldap.5.xml:1237 +msgid "Default: 60" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:464 sssd.conf.5.xml:1336 +msgid "force_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:467 sssd.conf.5.xml:1339 +msgid "" +"If a service is not responding to ping checks (see the <quote>timeout</" +"quote> option), it is first sent the SIGTERM signal that instructs it to " +"quit gracefully. If the service does not terminate after " +"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " +"by sending a SIGKILL signal." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:480 +msgid "offline_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:483 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. This " +"value is in seconds and calculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:490 +msgid "offline_timeout + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "" +"The random offset can increment up to 30 seconds. After each unsuccessful " +"attempt to go online, the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:498 +msgid "new_interval = old_interval*2 + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"Note that the maximum length of each interval is currently limited to one " +"hour. If the calculated length of new_interval is greater than an hour, it " +"will be forced to one hour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:512 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:515 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:521 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:524 +msgid "ldap_purge_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:527 sssd-ldap.5.xml:1054 +msgid "ldap_use_tokengroups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "ldap_user_principal" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:535 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:533 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:539 sssd.conf.5.xml:1001 sssd.conf.5.xml:1026 +#: sssd.conf.5.xml:1045 sssd.conf.5.xml:1330 sssd-ldap.5.xml:1793 +msgid "Default: none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:547 +msgid "NSS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:549 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "enum_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:557 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:561 +msgid "Default: 120" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:566 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:569 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:575 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:585 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:593 +msgid "Default: 50" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:598 +msgid "entry_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:601 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:607 sssd.conf.5.xml:1117 +msgid "Default: 15" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:612 +msgid "filter_users, filter_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:615 +msgid "" +"Exclude certain users from being fetched from the sss NSS database. This is " +"particularly useful for system accounts. This option can also be set per-" +"domain or include fully-qualified names to filter only users from the " +"particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:622 +msgid "Default: root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:627 +msgid "filter_users_in_groups (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:630 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:641 +msgid "fallback_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:644 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:649 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:655 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:653 sssd.conf.5.xml:1020 sssd.conf.5.xml:1039 +#: sssd-krb5.5.xml:533 include/override_homedir.xml:55 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:659 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:665 +msgid "override_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:668 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:674 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:680 +msgid "allowed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:683 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:686 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:690 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:695 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:703 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:710 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:713 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:717 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:722 +msgid "vetoed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:725 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:730 +msgid "shell_fallback (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:733 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "Default: /bin/sh" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +msgid "default_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:745 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:751 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:758 sssd.conf.5.xml:950 +msgid "get_domains_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:761 sssd.conf.5.xml:953 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:770 +msgid "memcache_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:773 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:777 sssd-ldap.5.xml:706 +msgid "Default: 300" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:780 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:788 sssd-ifp.5.xml:74 +msgid "user_attributes (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:791 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:804 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:816 +msgid "PAM configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:818 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:823 +msgid "offline_credentials_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:831 sssd.conf.5.xml:844 +msgid "Default: 0 (No limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:837 +msgid "offline_failed_login_attempts (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:840 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:850 +msgid "offline_failed_login_delay (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:853 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:864 sssd.conf.5.xml:917 +msgid "Default: 5" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:870 +msgid "pam_verbosity (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:873 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "Currently sssd supports the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:881 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:888 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:891 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:895 sssd.8.xml:63 +msgid "Default: 1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:900 +msgid "pam_id_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:903 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:923 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:926 sssd.conf.5.xml:1550 +msgid "Display a warning N days before the password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:929 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:935 sssd.conf.5.xml:1553 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:940 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 sssd.conf.5.xml:2291 sssd.8.xml:79 +msgid "Default: 0" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:962 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:965 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAM responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:971 +msgid "Default: all (All users are allowed to access the PAM responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:975 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:982 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:985 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:989 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:993 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:997 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1006 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1009 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbostiy is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1022 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1031 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1041 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1050 +msgid "p11_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1053 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1066 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1068 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1085 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1088 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1101 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1103 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1107 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1126 +msgid "SSH configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1128 +msgid "These options can be used to configure the SSH service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1132 +msgid "ssh_hash_known_hosts (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1135 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1144 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1147 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1151 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1156 +msgid "ca_db (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1159 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1164 +msgid "Default: /etc/pki/nssdb" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1172 +msgid "PAC responder configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1174 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. " +"If the PAC is decoded and evaluated some of the following operations are " +"done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1183 +msgid "" +"If the remote user does not exist in the cache, it is created. The uid is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"gid will have the same value as the uid. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1191 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1197 +msgid "These options can be used to configure the PAC responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1201 sssd-ifp.5.xml:50 +msgid "allowed_uids (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1204 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1210 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1214 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:1228 +msgid "DOMAIN SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1235 +msgid "min_id,max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1238 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1250 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1254 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1260 +msgid "enumerate (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1263 +msgid "" +"Determines if a domain can be enumerated. This parameter can have one of the " +"following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1267 +msgid "TRUE = Users and groups are enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1270 +msgid "FALSE = No enumerations for this domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1273 sssd.conf.5.xml:1505 sssd.conf.5.xml:1672 +msgid "Default: FALSE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1276 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1289 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1294 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1302 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1310 +msgid "subdomain_enumerate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1317 +msgid "all" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1318 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1321 +msgid "none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1322 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1313 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1353 +msgid "entry_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1356 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1360 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1373 +msgid "Default: 5400" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1379 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1382 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1386 sssd.conf.5.xml:1399 sssd.conf.5.xml:1412 +#: sssd.conf.5.xml:1425 sssd.conf.5.xml:1438 sssd.conf.5.xml:1452 +#: sssd.conf.5.xml:1466 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1392 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1395 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1405 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1408 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1418 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1421 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1431 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1444 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1447 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1458 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1472 +msgid "refresh_expired_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1475 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1480 +msgid "" +"The background refresh will process users, groups and netgroups in the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1484 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1488 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227 +msgid "Default: 0 (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1494 +msgid "cache_credentials (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1497 +msgid "Determines if user credentials are also cached in the local LDB cache" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1501 +msgid "User credentials are stored in a SHA512 hash, not in plaintext" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1511 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1514 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1521 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1526 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1532 +msgid "account_cache_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1535 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1542 +msgid "Default: 0 (unlimited)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1547 +msgid "pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1558 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1565 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1571 +msgid "id_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1574 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1578 +msgid "<quote>proxy</quote>: Support a legacy NSS provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1581 sssd.conf.5.xml:1718 +msgid "<quote>local</quote>: SSSD internal provider for local users" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1585 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1593 sssd.conf.5.xml:1698 sssd.conf.5.xml:1753 +#: sssd.conf.5.xml:1806 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"FreeIPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 sssd.conf.5.xml:1707 sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1815 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "use_fully_qualified_names (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1621 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1629 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1636 +msgid "Default: FALSE (TRUE if default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1642 +msgid "ignore_group_members (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "Do not return group members for group lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1648 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1666 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1677 +msgid "auth_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1680 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 sssd.conf.5.xml:1746 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1691 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1715 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1722 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1725 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1731 +msgid "access_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1734 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1740 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1743 +msgid "<quote>deny</quote> always deny access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1770 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1777 +msgid "Default: <quote>permit</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1782 +msgid "chpass_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1785 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1790 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1798 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1823 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1827 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1830 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1837 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1840 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1844 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1852 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1856 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1860 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1863 sssd.conf.5.xml:1941 sssd.conf.5.xml:1982 +#: sssd.conf.5.xml:2007 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1867 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1884 +msgid "selinux_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1887 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1893 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1901 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1904 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1910 +msgid "subdomains_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1913 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1919 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1928 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1937 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1948 +msgid "autofs_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1951 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1955 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1970 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1979 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1989 +msgid "hostid_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1992 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1996 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2004 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2017 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +"P<name>[^@\\\\]+)$))</quote> which allows three different styles for " +"user names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2031 +msgid "username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2034 +msgid "username@domain.name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "domain\\username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2045 +msgid "" +"Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +"which translates to \"the name is everything up to the <quote>@</quote> " +"sign, the domain everything after that\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2051 +msgid "" +"PLEASE NOTE: the support for non-unique named subpatterns is not available " +"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " +"version 7 or higher can support non-unique named subpatterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2058 +msgid "" +"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" +"P<name>) to label subpatterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2105 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2111 +msgid "lookup_family_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2114 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2118 +msgid "Supported values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2121 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2124 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2127 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2130 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2133 +msgid "Default: ipv4_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2139 +msgid "dns_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2142 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the DNS " +"resolver before assuming that it is unreachable. If this timeout is reached, " +"the domain will continue to operate in offline mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2148 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263 +#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248 +msgid "Default: 6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2154 +msgid "dns_discovery_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2157 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2161 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2167 +msgid "override_gid (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2170 +msgid "Override the primary GID value with the one specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2176 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2184 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2187 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2193 +msgid "False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2195 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2199 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2202 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2179 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2214 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2220 +msgid "proxy_fast_alias (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2223 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2237 +msgid "subdomain_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2248 +msgid "%F" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2249 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2240 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2254 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2258 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2263 +msgid "realmd_tags (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2266 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2272 +msgid "cached_auth_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2275 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2281 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2285 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1230 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2303 +msgid "proxy_pam_target (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2306 +msgid "The proxy target PAM proxies to." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2309 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2317 +msgid "proxy_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2320 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2299 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" id=" +"\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2332 +msgid "The local domain section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2334 +msgid "" +"This section contains settings for domain that stores users and groups in " +"SSSD native database, that is, a domain that uses " +"<replaceable>id_provider=local</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2341 +msgid "default_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2344 +msgid "The default shell for users created with SSSD userspace tools." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2348 +msgid "Default: <filename>/bin/bash</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2353 +msgid "base_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2356 +msgid "" +"The tools append the login name to <replaceable>base_directory</replaceable> " +"and use that as the home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2361 +msgid "Default: <filename>/home</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2366 +msgid "create_homedir (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2369 +msgid "" +"Indicate if a home directory should be created by default for new users. " +"Can be overridden on command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2373 sssd.conf.5.xml:2385 +msgid "Default: TRUE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2378 +msgid "remove_homedir (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2381 +msgid "" +"Indicate if a home directory should be removed by default for deleted " +"users. Can be overridden on command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2390 +msgid "homedir_umask (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2393 +msgid "" +"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " +"on a newly created home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2401 +msgid "Default: 077" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2406 +msgid "skel_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2409 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2419 +msgid "Default: <filename>/etc/skel</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2424 +msgid "mail_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2427 +msgid "" +"The mail spool directory. This is needed to manipulate the mailbox when its " +"corresponding user account is modified or deleted. If not specified, a " +"default value is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2434 +msgid "Default: <filename>/var/mail</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2439 +msgid "userdel_cmd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2442 +msgid "" +"The command that is run after a user is removed. The command us passed the " +"username of the user being removed as the first and only parameter. The " +"return code of the command is not taken into account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2448 +msgid "Default: None, no command is run" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2458 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131 +#: sssd-ipa.5.xml:717 sssd-ad.5.xml:955 sssd-krb5.5.xml:564 +#: sss_rpcidmapd.5.xml:98 +msgid "EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:2464 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2460 +msgid "" +"The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. If the LDAP server is used only as an identity " +"provider, an encrypted channel is not needed. Please refer to " +"<quote>ldap_access_filter</quote> config option for more information about " +"using LDAP as an access provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 +msgid "CONFIGURATION OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:60 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:63 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:73 +msgid "ldap[s]://<host>[:port]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:76 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:79 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:85 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:88 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:99 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:105 +msgid "ldap_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:108 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:112 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:116 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220 +#: sss_override.8.xml:135 sss_override.8.xml:232 +msgid "Examples:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:129 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:134 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:137 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:158 +msgid "ldap_schema (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:161 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "Four schema types are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:172 +msgid "rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:177 +msgid "rfc2307bis" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:182 +msgid "IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:187 +msgid "AD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:193 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:203 +msgid "Default: rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:209 +msgid "ldap_default_bind_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:212 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:219 +msgid "ldap_default_authtok_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:222 +msgid "The type of the authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:226 +msgid "The two mechanisms currently supported are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:229 +msgid "password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:232 +msgid "obfuscated_password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:235 +msgid "Default: password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:241 +msgid "ldap_default_authtok (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:244 +msgid "" +"The authentication token of the default bind DN. Only clear text passwords " +"are currently supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:251 +msgid "ldap_user_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:254 +msgid "The object class of a user entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "Default: posixAccount" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:263 +msgid "ldap_user_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:266 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:270 +msgid "Default: uid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:276 +msgid "ldap_user_uid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:279 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "Default: uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:289 +msgid "ldap_user_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:292 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:863 +msgid "Default: gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:302 +msgid "ldap_user_gecos (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:305 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:309 +msgid "Default: gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:315 +msgid "ldap_user_home_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:318 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "Default: homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:328 +msgid "ldap_user_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:331 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:335 +msgid "Default: loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:341 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:344 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:889 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:355 +msgid "ldap_user_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:358 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:363 sssd-ldap.5.xml:904 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:370 +msgid "ldap_user_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144 +msgid "Default: modifyTimestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:383 +msgid "ldap_user_shadow_last_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:396 +msgid "Default: shadowLastChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:402 +msgid "ldap_user_shadow_min (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:405 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: shadowMin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_user_shadow_max (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:432 +msgid "Default: shadowMax" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:438 +msgid "ldap_user_shadow_warning (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:441 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:451 +msgid "Default: shadowWarning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:457 +msgid "ldap_user_shadow_inactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:460 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:470 +msgid "Default: shadowInactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:476 +msgid "ldap_user_shadow_expire (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:479 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:489 +msgid "Default: shadowExpire" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:495 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:498 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "Default: krbLastPwdChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:510 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:513 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:519 +msgid "Default: krbPasswordExpiration" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:525 +msgid "ldap_user_ad_account_expires (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:528 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:533 +msgid "Default: accountExpires" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:539 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:542 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:547 +msgid "Default: userAccountControl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:553 +msgid "ldap_ns_account_lock (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:556 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:561 +msgid "Default: nsAccountLock" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:567 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:570 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:574 sssd-ldap.5.xml:588 +msgid "Default: loginDisabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:580 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:583 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:602 +msgid "Default: loginAllowedTimeMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:608 +msgid "ldap_user_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:611 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:615 +msgid "Default: krbPrincipalName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:621 +msgid "ldap_user_extra_attrs (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:624 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:629 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:639 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:649 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:652 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:656 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:659 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:669 +msgid "ldap_user_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:672 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:676 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:682 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:685 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:698 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:701 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:712 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:715 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:721 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:736 +msgid "ldap_user_fullname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:739 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590 +msgid "Default: cn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:749 +msgid "ldap_user_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:752 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:756 +msgid "Default: memberOf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:762 +msgid "ldap_user_authorized_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:765 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:772 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:777 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:784 +msgid "Default: authorizedService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:790 +msgid "ldap_user_authorized_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:793 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:799 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:811 +msgid "Default: host" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:817 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:820 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:824 +msgid "Default: no set in the general case, userCertificate;binary for IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:831 +msgid "ldap_group_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:834 +msgid "The object class of a group entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:837 +msgid "Default: posixGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:843 +msgid "ldap_group_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:846 +msgid "The LDAP attribute that corresponds to the group name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:856 +msgid "ldap_group_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:859 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:869 +msgid "ldap_group_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:872 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:876 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:882 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:885 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:896 +msgid "ldap_group_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:899 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_group_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:924 +msgid "ldap_group_type (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:927 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:938 +msgid "Default: groupType in the AD provider, othewise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:945 +msgid "ldap_group_external_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:948 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:961 +msgid "ldap_group_nesting_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:964 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:980 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:989 +msgid "Default: 2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:995 +msgid "ldap_groups_use_matching_rule_in_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:998 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which may speed up group lookup operations on deployments with " +"complex or deep nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1004 +msgid "" +"In most common cases, it is best to leave this option disabled. It generally " +"only provides a performance increase on very complex nestings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036 +msgid "" +"If this option is enabled, SSSD will use it if it detects that the server " +"supports it during initial connection. So \"True\" here essentially means " +"\"auto-detect\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042 +msgid "" +"Note: This feature is currently known to work only with Active Directory " +"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" +"windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " +"for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048 sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866 include/ldap_id_mapping.xml:244 +msgid "Default: False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1027 +msgid "ldap_initgroups_use_matching_rule_in_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1030 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which might speed up initgroups operations (most notably when " +"dealing with complex or deep nested groups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1057 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1062 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1068 +msgid "ldap_netgroup_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1071 +msgid "The object class of a netgroup entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1074 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1078 +msgid "Default: nisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1084 +msgid "ldap_netgroup_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1087 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1101 +msgid "ldap_netgroup_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1104 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1108 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "Default: memberNisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1118 +msgid "ldap_netgroup_triple (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1121 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1128 +msgid "Default: nisNetgroupTriple" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1134 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1150 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1153 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1156 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1162 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1165 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1175 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1178 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1182 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1188 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1191 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1201 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1206 +msgid "ldap_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1209 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1215 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1227 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1230 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1243 +msgid "ldap_network_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1246 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1269 +msgid "ldap_opt_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1287 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1290 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1304 +msgid "ldap_page_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1307 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1312 +msgid "Default: 1000" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1318 +msgid "ldap_disable_paging (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1321 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1327 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1333 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1345 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1348 +msgid "Disable Active Directory range retrieval." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1351 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1366 +msgid "ldap_sasl_minssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1369 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1375 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1382 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1391 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1395 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1403 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1416 +msgid "ldap_tls_reqcert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1419 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1425 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1429 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1436 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1442 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1448 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1452 +msgid "Default: hard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1458 +msgid "ldap_tls_cacert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1461 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1473 +msgid "ldap_tls_cacertdir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1476 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1491 +msgid "ldap_tls_cert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1504 +msgid "ldap_tls_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "Specifies the file that contains the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1516 +msgid "ldap_tls_cipher_suite (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1519 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1532 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1535 +msgid "" +"Specifies that the id_provider connection must also use <systemitem class=" +"\"protocol\">tls</systemitem> to protect the channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1545 +msgid "ldap_id_mapping (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1548 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1564 +msgid "ldap_min_id, ldap_max_id (interger)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1567 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1579 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1585 +msgid "ldap_sasl_mech (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1588 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI is tested and " +"supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1598 +msgid "ldap_sasl_authid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1601 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI is used, this " +"represents the Kerberos principal used for authentication to the directory. " +"This option can either contain the full principal (for example host/" +"myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1609 +msgid "Default: host/hostname@REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1615 +msgid "ldap_sasl_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1624 +msgid "Default: the value of krb5_realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1630 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1633 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1638 +msgid "Default: false;" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1644 +msgid "ldap_krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "Specify the keytab to use when using SASL/GSSAPI." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1671 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1674 +msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:849 +msgid "Default: 86400 (24 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1719 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462 +msgid "krb5_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1768 +msgid "ldap_pwd_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1781 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1787 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1796 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1804 +msgid "ldap_referrals (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1807 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1811 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1816 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1830 +msgid "ldap_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1833 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 +msgid "Default: ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1843 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1846 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1851 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1857 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1872 +msgid "ldap_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1875 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Example:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1898 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1902 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice-versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972 +msgid "Default: Empty" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_account_expire_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1924 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1928 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1935 +msgid "The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1943 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1950 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1956 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1965 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1978 +msgid "ldap_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1981 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1985 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1988 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1998 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2005 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2022 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2026 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2036 +msgid "" +"The difference between these options is the action taken if user password is " +"expired: pwd_expire_policy_reject - user is denied to log in, " +"pwd_expire_policy_warn - user is still able to log in, " +"pwd_expire_policy_renew - user is prompted to change his password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2044 +msgid "" +"Note If user password is expired no explicit message is prompted by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2048 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2053 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2058 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2062 +msgid "Default: filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2065 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2072 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2075 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2083 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2086 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2092 +msgid "ldap_deref (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2095 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2100 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2104 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2109 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2114 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2119 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2127 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2130 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2134 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2145 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136 +msgid "wildcart_limit (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2160 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2164 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2168 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:51 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2178 +msgid "SUDO OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2180 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2191 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2194 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2197 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2203 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2206 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2216 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2219 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2223 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2229 +msgid "ldap_sudorule_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2232 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2237 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2243 +msgid "ldap_sudorule_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2246 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2250 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2256 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2259 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2263 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2269 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2272 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2276 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2282 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2285 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2289 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2295 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2298 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2302 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2308 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2311 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2316 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2322 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2325 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2329 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2335 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2338 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2343 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2348 +msgid "Default: 21600 (6 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2354 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2357 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest USN " +"of cached rules)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2363 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2373 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2376 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2387 +msgid "ldap_sudo_hostnames (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2390 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2395 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441 +#: sssd-ldap.5.xml:2459 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428 +msgid "Default: not specified" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2411 +msgid "ldap_sudo_ip (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2414 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2419 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2434 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2437 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2452 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2455 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2471 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2481 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2483 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2489 +msgid "ldap_autofs_map_master_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2492 +msgid "The name of the automount master map in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2495 +msgid "Default: auto.master" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2502 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2505 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2508 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2515 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2518 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2521 +msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2529 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2532 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2537 +msgid "Default: automount" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2544 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2551 +msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2559 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2566 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2487 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2576 +msgid "ADVANCED OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2583 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2588 +msgid "ldap_user_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2593 +msgid "ldap_group_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:2598 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:2600 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no gid mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:2607 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2609 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2614 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2578 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2631 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2637 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:725 sssd-ad.5.xml:963 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 +#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2648 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2650 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2655 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-simple.5.xml:148 sssd-ad.5.xml:978 sssd.8.xml:195 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2672 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" + +#. type: Content of: <refentryinfo> +#: pam_sss.8.xml:8 include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - http://" +"fedorahosted.org/sssd</orgname>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:13 pam_sss.8.xml:18 +msgid "pam_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:19 +msgid "PAM module for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:24 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:54 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:64 +msgid "<option>quiet</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:67 +msgid "Suppress log messages for unknown users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:72 +msgid "<option>forward_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:75 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>use_first_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:93 +msgid "<option>use_authtok</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:96 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>retry=N</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:108 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:117 +msgid "<option>ignore_unknown_user</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:120 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:131 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:138 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:142 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:148 +msgid "" +"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> " +"and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:164 +msgid "MODULE TYPES PROVIDED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:165 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:171 +msgid "FILES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:172 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:177 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:187 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " +"libraries what Realm and which KDC to use. Typically this is done in " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> which is always read by the Kerberos libraries. " +"To simplify the configuration the Realm and the KDC can be defined in " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> as described in <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:48 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> puts the Realm and the name or IP address of the KDC into " +"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " +"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " +"libraries it reads and evaluates these variables and returns them to the " +"libraries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:69 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:78 +msgid "ipa_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:81 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:89 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:92 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:105 +msgid "ipa_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:108 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:116 sssd-ad.5.xml:780 +msgid "dyndns_update (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:119 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA v2 with the IP address of this client. The update is " +"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " +"for the updates, if it is not otherwise specified by using the " +"<quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:128 sssd-ad.5.xml:794 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:133 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:145 sssd-ad.5.xml:805 +msgid "dyndns_ttl (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:148 sssd-ad.5.xml:808 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:153 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Default: 1200 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:165 sssd-ad.5.xml:819 +msgid "dyndns_iface (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 sssd-ad.5.xml:822 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:175 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:185 sssd-ad.5.xml:833 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:191 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160 +msgid "Enables DNS sites - location based service discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example.com" +"\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:217 sssd-ad.5.xml:839 +msgid "dyndns_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:220 sssd-ad.5.xml:842 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:233 sssd-ad.5.xml:855 +msgid "dyndns_update_ptr (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:236 sssd-ad.5.xml:858 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:247 +msgid "Default: False (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:253 sssd-ad.5.xml:869 +msgid "dyndns_force_tcp (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:256 sssd-ad.5.xml:872 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:876 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 sssd-ad.5.xml:882 +msgid "dyndns_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 sssd-ad.5.xml:885 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 sssd-ad.5.xml:890 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:895 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 sssd-ad.5.xml:900 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:290 +msgid "ipa_hbac_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:293 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:297 +msgid "Default: Use base DN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 sssd-ipa.5.xml:329 sssd-ipa.5.xml:348 sssd-ipa.5.xml:367 +#: sssd-ipa.5.xml:386 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ipa.5.xml:315 sssd-ipa.5.xml:334 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:322 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:325 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:341 +msgid "ipa_subdomains_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:344 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:353 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:360 +msgid "ipa_master_domain_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:363 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:372 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:379 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:382 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:391 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:398 sssd-krb5.5.xml:254 +msgid "krb5_validate (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:401 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:408 sssd-ad.5.xml:921 +msgid "" +"Note that this default differs from the traditional Kerberos provider back " +"end." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:433 +msgid "" +"Specifies if the host and user principal should be canonicalized when " +"connecting to IPA LDAP and also for AS requests. This feature is available " +"with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 sssd-krb5.5.xml:416 +msgid "krb5_use_fast (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 sssd-krb5.5.xml:419 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:454 +msgid "<emphasis>never</emphasis> use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:457 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it. This is equivalent to not setting " +"this option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:463 sssd-krb5.5.xml:433 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:468 +msgid "Default: try" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 sssd-krb5.5.xml:444 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:480 sssd-ad.5.xml:928 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 sssd-ad.5.xml:931 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:487 sssd-ad.5.xml:935 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 sssd-ad.5.xml:939 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:498 +msgid "ipa_hbac_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:501 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355 +msgid "Default: 5 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:514 +msgid "ipa_hbac_selinux (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:517 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:530 +msgid "ipa_server_mode (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:533 +msgid "This option should only be set by the IPA installer." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:537 +msgid "" +"The option denotes that the SSSD is running on IPA server and should perform " +"lookups of users and groups from trusted domains differently." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:548 +msgid "ipa_automount_location (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:551 +msgid "The automounter location this IPA client will be using" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:554 +msgid "Default: The location named \"default\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:562 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:571 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:577 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:583 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:586 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:596 +msgid "ipa_overide_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:599 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:602 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:608 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:611 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:615 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:621 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:624 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:632 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:635 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:638 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:641 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:647 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:650 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:655 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:661 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:664 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:669 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:672 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:675 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:680 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:564 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:690 +msgid "SUBDOMAINS PROVIDER" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:692 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:696 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:702 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:719 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:726 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:41 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:45 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:51 +msgid "" +"The AD provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:63 +msgid "" +"However, it is neither necessary nor recommended to set these options. The " +"AD provider can also be used as an access, chpass, sudo and autofs provider. " +"No configuration of the access provider is required on the client side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:75 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " +"and groups using POSIX attributes from trusted domains, the AD administrator " +"must make sure that the POSIX attributes are replicated to the Global " +"Catalog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:82 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:97 +msgid "ad_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:100 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:105 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:110 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:117 +msgid "ad_server, ad_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:120 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:127 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:132 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:140 +msgid "ad_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:143 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the Active Directory domain to identify this " +"host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:149 +msgid "" +"This field is used to determine the host principal in use in the keytab. It " +"must match the hostname for which the keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:157 +msgid "ad_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:164 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:180 +msgid "ad_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:191 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:199 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:207 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:212 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:223 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:233 sssd-ad.5.xml:247 +msgid "Default: Not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:239 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:253 +msgid "ad_enable_gc (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:256 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:264 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:278 +msgid "ad_gpo_access_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:281 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to a particular host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:296 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:309 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:313 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:319 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:325 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "Default: permissive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:339 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:345 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:348 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:361 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:364 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:370 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:384 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:388 sssd-ad.5.xml:479 sssd-ad.5.xml:525 sssd-ad.5.xml:570 +#: sssd-ad.5.xml:636 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:392 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:397 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:402 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:407 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:412 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:417 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:422 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:427 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:432 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:437 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:442 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:451 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:460 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:475 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:466 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:483 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:488 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:497 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:500 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:506 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:521 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:512 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:529 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:534 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:543 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:546 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:552 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:566 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:557 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:574 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:583 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:586 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:605 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:597 sssd-ad.5.xml:667 +msgid "" +"It is possible to add a PAM service name to the default set by using <quote>" +"+service_name</quote>. Since the default set is empty, it is not possible " +"to remove a PAM service name from the default set. For example, in order to " +"add a custom pam service name (e.g. <quote>my_pam_service</quote>), you " +"would use the following configuration: <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:615 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:618 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:632 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:623 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:640 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:645 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:650 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:659 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:662 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:675 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:685 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:688 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:701 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:705 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:710 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:715 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:720 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:725 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:730 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:735 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:741 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:747 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:750 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:756 +msgid "Default: 30 days" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:762 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:765 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expect 2 integers seperated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the inital timeout in seconds before the task is run for the first " +"time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:783 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:813 +msgid "Default: 3600 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:829 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:863 sss_rpcidmapd.5.xml:76 +msgid "Default: True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:909 sssd-krb5.5.xml:505 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:912 sssd-krb5.5.xml:508 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:957 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:964 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:984 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:980 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:990 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:998 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:112 +msgid "" +"When the SSSD is configured to use IPA as the ID provider, the sudo provider " +"is automatically enabled. The sudo search base is configured to use the " +"compat tree (ou=sudoers,$DC)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:119 +msgid "The SUDO rule caching mechanism" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:121 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:129 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:135 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:143 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:159 +msgid "keyword ALL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:164 +msgid "wildcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:169 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:174 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:179 +msgid "one of the IP addresses of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:184 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:190 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>-f</option>,<option>--debug-to-files</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "" +"Send the debug output to files instead of stderr. By default, the log files " +"are stored in <filename>/var/log/sssd</filename> and there are separate log " +"files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:97 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:101 +msgid "Become a daemon after starting up." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:107 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:111 +msgid "Run in the foreground, don't become a daemon." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:117 sss_debuglevel.8.xml:42 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:121 sss_debuglevel.8.xml:46 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:147 +msgid "Signals" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "SIGTERM/SIGINT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:153 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:159 +msgid "SIGHUP" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:162 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:170 +msgid "SIGUSR1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:173 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:182 +msgid "SIGUSR2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:185 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:197 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:50 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:52 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:59 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:70 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:78 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:83 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:92 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:97 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:105 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:110 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:116 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:121 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:126 +msgid "original_name:name:uid:gid:gecos:home:shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:138 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:141 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:147 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:152 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:160 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:167 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:175 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:180 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:189 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:194 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:202 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:207 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:213 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:218 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:223 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:235 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:238 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:244 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:249 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:259 +msgid "COMMON OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:261 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:266 +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_useradd.8.xml:10 sss_useradd.8.xml:15 +msgid "sss_useradd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_useradd.8.xml:16 +msgid "create a new user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_useradd.8.xml:21 +msgid "" +"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_useradd.8.xml:32 +msgid "" +"<command>sss_useradd</command> creates a new user account using the values " +"specified on the command line plus the default values from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:43 sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:48 +msgid "" +"Set the UID of the user to the value of <replaceable>UID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:72 +msgid "" +"The home directory of the user account. The default is to append the " +"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " +"that as the home directory. The base that is prepended before " +"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" +"baseDirectory</quote> setting in sssd.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:87 +msgid "" +"The user's login shell. The default is currently <filename>/bin/bash</" +"filename>. The default can be changed with <quote>user_defaults/" +"defaultShell</quote> setting in sssd.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:96 +msgid "" +"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:101 +msgid "A list of existing groups this user is also a member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:107 +msgid "<option>-m</option>,<option>--create-home</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:111 +msgid "" +"Create the user's home directory if it does not exist. The files and " +"directories contained in the skeleton directory (which can be defined with " +"the -k option or in the config file) will be copied to the home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:121 +msgid "<option>-M</option>,<option>--no-create-home</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:125 +msgid "" +"Do not create the user's home directory. Overrides configuration settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:132 +msgid "" +"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:137 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<command>sss_useradd</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:143 +msgid "" +"Special files (block devices, character devices, named pipes and unix " +"sockets) will not be copied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:147 +msgid "" +"This option is only valid if the <option>-m</option> (or <option>--create-" +"home</option>) option is specified, or creation of home directories is set " +"to TRUE in the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:156 sss_usermod.8.xml:124 +msgid "" +"<option>-Z</option>,<option>--selinux-user</option> " +"<replaceable>SELINUX_USER</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:161 +msgid "" +"The SELinux user for the user's login. If not specified, the system default " +"will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>.k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 +msgid "%h" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108 +msgid "home directory" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:27 +msgid "%P" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:45 +msgid "%%" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:46 +msgid "a literal '%'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_auth_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:257 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:272 +msgid "krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:275 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:279 +msgid "Default: /etc/krb5.keytab" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:285 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:288 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:293 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:306 +msgid "krb5_renewable_lifetime (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:309 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:351 sssd-krb5.5.xml:388 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:320 sssd-krb5.5.xml:354 sssd-krb5.5.xml:391 +msgid "<emphasis>h</emphasis> for hours" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:323 sssd-krb5.5.xml:357 sssd-krb5.5.xml:394 +msgid "<emphasis>d</emphasis> for days." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:326 sssd-krb5.5.xml:397 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:330 sssd-krb5.5.xml:401 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:335 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:341 +msgid "krb5_lifetime (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:344 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:360 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:364 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:369 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:376 +msgid "krb5_renew_interval (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:379 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:406 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:424 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:428 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:438 +msgid "Default: not set, i.e. FAST is not used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "NOTE: a keytab is required to use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:453 +msgid "krb5_fast_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:456 +msgid "Specifies the server principal to use for FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:465 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:514 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:520 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:523 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:535 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:540 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:566 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:574 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 +msgid "sss_groupadd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupadd.8.xml:16 +msgid "create a new group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupadd.8.xml:21 +msgid "" +"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupadd.8.xml:32 +msgid "" +"<command>sss_groupadd</command> creates a new group. These groups are " +"compatible with POSIX groups, with the additional feature that they can " +"contain other groups as members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupadd.8.xml:43 sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupadd.8.xml:48 +msgid "" +"Set the GID of the group to the value of <replaceable>GID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_userdel.8.xml:10 sss_userdel.8.xml:15 +msgid "sss_userdel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_userdel.8.xml:16 +msgid "delete a user account" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_userdel.8.xml:21 +msgid "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_userdel.8.xml:32 +msgid "" +"<command>sss_userdel</command> deletes a user identified by login name " +"<replaceable>LOGIN</replaceable> from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:44 +msgid "<option>-r</option>,<option>--remove</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:48 +msgid "" +"Files in the user's home directory will be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:56 +msgid "<option>-R</option>,<option>--no-remove</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:60 +msgid "" +"Files in the user's home directory will NOT be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:68 +msgid "<option>-f</option>,<option>--force</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:72 +msgid "" +"This option forces <command>sss_userdel</command> to remove the user's home " +"directory and mail spool, even if they are not owned by the specified user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:80 +msgid "<option>-k</option>,<option>--kick</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:84 +msgid "Before actually deleting the user, terminate all his processes." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 +msgid "sss_groupdel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupdel.8.xml:16 +msgid "delete a group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupdel.8.xml:21 +msgid "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupdel.8.xml:32 +msgid "" +"<command>sss_groupdel</command> deletes a group identified by its name " +"<replaceable>GROUP</replaceable> from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 +msgid "sss_groupshow" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupshow.8.xml:16 +msgid "print properties of a group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupshow.8.xml:21 +msgid "" +"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupshow.8.xml:32 +msgid "" +"<command>sss_groupshow</command> displays information about a group " +"identified by its name <replaceable>GROUP</replaceable>. The information " +"includes the group ID number, members of the group and the parent group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupshow.8.xml:43 +msgid "<option>-R</option>,<option>--recursive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupshow.8.xml:47 +msgid "" +"Also print indirect group members in a tree-like hierarchy. Note that this " +"also affects printing parent groups - without <option>R</option>, only the " +"direct parent will be printed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_usermod.8.xml:10 sss_usermod.8.xml:15 +msgid "sss_usermod" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_usermod.8.xml:16 +msgid "modify a user account" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_usermod.8.xml:21 +msgid "" +"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_usermod.8.xml:32 +msgid "" +"<command>sss_usermod</command> modifies the account specified by " +"<replaceable>LOGIN</replaceable> to reflect the changes that are specified " +"on the command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:60 +msgid "The home directory of the user account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:71 +msgid "The user's login shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:82 +msgid "" +"Append this user to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:96 +msgid "" +"Remove this user from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:103 +msgid "<option>-l</option>,<option>--lock</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:107 +msgid "Lock the user account. The user won't be able to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:114 +msgid "<option>-u</option>,<option>--unlock</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:118 +msgid "Unlock the user account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:129 +msgid "The SELinux user for the user's login." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:135 +msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:140 +msgid "Add an attribute/value pair. The format is attrname=value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:147 +msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:152 +msgid "" +"Set an attribute to a name/value pair. The format is attrname=value. For " +"multi-valued attributes, the command replaces the values already present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:160 +msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:165 +msgid "Delete an attribute/value pair. The format is attrname=value." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:42 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:46 +msgid "Invalidate all cached entries except for sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:52 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:57 +msgid "Invalidate specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:63 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:67 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:74 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:79 +msgid "Invalidate specific group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:85 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:89 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:96 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:101 +msgid "Invalidate specific netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:107 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:111 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:118 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:123 +msgid "Invalidate specific service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:129 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:133 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:140 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:145 +msgid "Invalidate specific autofs maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:151 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:155 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:162 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:167 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:173 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:177 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:185 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:190 +msgid "Restrict invalidation process only to a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> changes debug level of SSSD monitor and " +"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " +"running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_debuglevel.8.xml:59 +msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:46 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:53 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:59 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:63 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:77 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:91 +msgid "name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:92 +msgid "user's login name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:95 +msgid "uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:96 +msgid "user ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:99 +msgid "gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:100 +msgid "primary group ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:103 +msgid "gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:104 +msgid "user information, typically full name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:81 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:125 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:117 +msgid "" +"It is possible to add another attribute to this set by using <quote>" +"+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:129 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:139 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:144 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" +"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:58 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:51 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:70 +#, no-wrap +msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:63 +msgid "" +"If <quote>PubkeyAgent</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by using the following directive " +"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:85 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92 +msgid "EXIT STATUS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and estabilishes connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 10,001 and going up to " +"2,000,100,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:127 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191 +msgid "Default: 200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:142 +msgid "ldap_idmap_range_max (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:145 +msgid "" +"Specifies the upper bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:149 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:159 +msgid "Default: 2000200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:164 +msgid "ldap_idmap_range_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:167 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:186 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:196 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:199 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:210 +msgid "ldap_idmap_default_domain (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:213 +msgid "Specify the name of the default domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:221 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:224 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:229 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monatomically with each additional domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:234 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:249 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:252 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:256 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:273 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:275 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:284 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:285 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:286 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:287 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:288 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:289 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:291 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:295 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT " +"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain " +"names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 +msgid "Currently supported debug levels:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill the SSSD, but one that indicates that at least one " +"major feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:85 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:89 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:94 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:98 +msgid "<emphasis>Default</emphasis>: 0" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/experimental.xml:1 +msgid "" +"<emphasis> This is an experimental feature, please use http://fedorahosted." +"org/sssd to report any issues. </emphasis>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " +"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:31 +msgid "%o" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:33 +msgid "The original home directory retrieved from the identity provider." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:38 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:40 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:52 +msgid "This option can also be set per-domain." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:57 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:61 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "" --- sssd-1.13.4.orig/src/man/po/fr.po +++ sssd-1.13.4/src/man/po/fr.po @@ -0,0 +1,13588 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# Fabien Archambault <marbolangos@gmail.com>, 2012 +# Jérôme Fenal <jfenal@gmail.com>, 2012-2014 +# jhrozek <jhrozek@redhat.com>, 2014 +# Fabien Archambault <marbolangos@gmail.com>, 2012 +# sgallagh <sgallagh@redhat.com>, 2012 +# sgallagh <sgallagh@redhat.com>, 2012 +# Jérôme Fenal <jfenal@gmail.com>, 2015. #zanata +# Jibec <jean-baptiste@holcroft.fr>, 2016. #zanata +# Jérôme Fenal <jfenal@gmail.com>, 2016. #zanata +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 1.12.90\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2016-04-13 16:30+0200\n" +"PO-Revision-Date: 2016-03-19 03:04-0400\n" +"Last-Translator: Jibec <jean-baptiste@holcroft.fr>\n" +"Language-Team: French (http://www.transifex.com/projects/p/sssd/language/" +"fr/)\n" +"Language: fr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" +"X-Generator: Zanata 3.8.3\n" + +#. type: Content of: <reference><title> +#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 +#: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 +#: sss_override.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5 +#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 +#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5 +#: sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 +msgid "SSSD Manual pages" +msgstr "Pages de manuel de SSSD" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 +msgid "sss_groupmod" +msgstr "sss_groupmod" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11 +#: sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupmod.8.xml:16 +msgid "modify a group" +msgstr "modifier un groupe" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupmod.8.xml:21 +msgid "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 +#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 +#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 +#: sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 +#: sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 +#: sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21 +#: sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31 +msgid "DESCRIPTION" +msgstr "DESCRIPTION" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupmod.8.xml:32 +msgid "" +"<command>sss_groupmod</command> modifies the group to reflect the changes " +"that are specified on the command line." +msgstr "" +"<command>sss_groupmod</command> modifie le groupe pour refléter les " +"changements spécifiés sur la ligne de commande." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 +#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 +#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 +#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "OPTIONS" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 +msgid "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:48 +msgid "" +"Append this group to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" +"Ajouter ce groupe aux groupes spécifiés par le paramètre " +"<replaceable>GROUPS</replaceable>. Le paramètre <replaceable>GROUPS</" +"replaceable> est une liste séparée par des virgules de noms de groupe." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 +msgid "" +"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" +"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:62 +msgid "" +"Remove this group from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" +"Supprime ce groupe des groupes spécifiés par le paramètre " +"<replaceable>GROUPS</replaceable>." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:10 sssd.conf.5.xml:16 +msgid "sssd.conf" +msgstr "sssd.conf" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 +#: sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 +#: sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +msgid "File Formats and Conventions" +msgstr "Formats de fichier et conventions" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:17 +msgid "the configuration file for SSSD" +msgstr "Le fichier de configuration pour SSSD" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:21 +msgid "FILE FORMAT" +msgstr "FORMAT DE FICHIER" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:29 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:24 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Ce fichier utilise la syntaxe de style « .ini » et est constituée de " +"sections et de paramètres. Une section commence par le nom de la section " +"entre crochets et continue jusqu'à la section suivante. Un exemple de " +"section avec des paramètres mono et multi-valués : <placeholder type=" +"\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:36 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" +"Les types de données utilisées sont des chaînes (pas de guillemets " +"nécessaires), des entiers et des booléens (ayant pour valeur <quote>TRUE/" +"FALSE</quote>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:41 +msgid "" +"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" +"Un commentaire de ligne commence par un octothorpe (<quote>#</quote>) ou un " +"point-virgule (<quote>;</quote>). Les commentaires au sein d'une ligne ne " +"sont pas pris en charge." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:47 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" +"Toutes les sections peuvent avoir un paramètre facultatif de " +"<replaceable>description</replaceable>. Sa fonction ne sert qu'à nommer la " +"section." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:53 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" +"<filename>sssd.conf</filename> doit être un fichier normal, appartenant à " +"root, et seul root doit pouvoir écrire et lire ce fichier." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:59 +msgid "GENERAL OPTIONS" +msgstr "OPTIONS GÉNÉRALES" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:61 +msgid "Following options are usable in more than one configuration sections." +msgstr "" +"Les options qui suivent peuvent être utilisées dans plus d'une section de " +"configuration." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:65 +msgid "Options usable in all sections" +msgstr "Options utilisables dans toutes les sections" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:69 +msgid "debug_level (integer)" +msgstr "debug_level (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:73 +msgid "debug_timestamps (bool)" +msgstr "debug_timestamps (booléen)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:76 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" +"Ajoute un horodatage aux messages de débogage. Si journald est activé pour " +"la journalisation de débogage de SSSD, cette option sera ignorée." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:81 sssd.conf.5.xml:634 sssd.conf.5.xml:1139 +#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464 +#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272 +#: sssd-ad.5.xml:799 sssd-ad.5.xml:918 sssd-krb5.5.xml:499 +msgid "Default: true" +msgstr "Par défaut : true" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:86 +msgid "debug_microseconds (bool)" +msgstr "debug_microseconds (booléen)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:89 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" +"Ajouter les microsecondes à l'horodatage dans les messages de débogage. Si " +"journald est activé pour la journalisation de débogage de SSSD, cette option " +"sera ignorée." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:94 sssd.conf.5.xml:1093 sssd.conf.5.xml:2231 +#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558 +#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139 +#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266 +#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 +msgid "Default: false" +msgstr "Par défaut : false" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2189 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:103 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "Options utilisables dans les sections SERVICE et DOMAIN" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:107 +msgid "timeout (integer)" +msgstr "timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:110 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests." +msgstr "" +"Délai d'attente entre deux requêtes pour ce domaine. Ceci est utilisé pour " +"s'assurer que le processus est toujours actif et capable de répondre." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:115 sssd.conf.5.xml:1057 sssd-ldap.5.xml:1410 +#: include/ldap_id_mapping.xml:264 +msgid "Default: 10" +msgstr "Par défaut : 10" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:125 +msgid "SPECIAL SECTIONS" +msgstr "SECTIONS SPÉCIALES" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:128 +msgid "The [sssd] section" +msgstr "La section [sssd]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:137 sssd.conf.5.xml:2339 +msgid "Section parameters" +msgstr "Paramètres de sections" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:139 +msgid "config_file_version (integer)" +msgstr "config_file_version (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:142 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" +"Indique la syntaxe du fichier de configuration. Pour SSSD 0.6.0 ou " +"supérieure utiliser la version 2." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:148 +msgid "services" +msgstr "services" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:151 +msgid "" +"Comma separated list of services that are started when sssd itself starts." +msgstr "" +"Liste des services séparés par des virgules qui sont démarrés quand sssd se " +"lance." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:155 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" +"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" +"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>" +msgstr "" +"Les services pris en charge : nss, pam <phrase condition=\"with_sudo\">, " +"sudo</phrase> <phrase condition=\"with_autofs\"> ,autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder" +"\">, pac</phrase> <phrase condition=\"with_ifp\">, ifp</phrase>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:165 sssd.conf.5.xml:419 +msgid "reconnection_retries (integer)" +msgstr "reconnection_retries (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:168 sssd.conf.5.xml:422 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" +"Nombre d'essais de reconnection ou de redémarrage que les services doivent " +"effectuer dans le cas d'un plantage du fournisseur de données avant " +"d'abandonner" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:173 sssd.conf.5.xml:427 +msgid "Default: 3" +msgstr "Par défaut : 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:178 +msgid "domains" +msgstr "domaines" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:181 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter described the list of domains in the order you want " +"them to be queried. A domain name should only consist of alphanumeric ASCII " +"characters, dashes, dots and underscores." +msgstr "" +"Un domaine est une base de données contenant les informations utilisateurs. " +"SSSD peut utiliser plusieurs domaines en même temps, au moins un doit être " +"configuré ou SSSD ne démarrera pas. Ce paramètre décrit la liste des " +"domaines dans l'ordre où ils doivent être requêtés. Un nom de domaine ne " +"doit comprendre que des caractères ASCII alphanumériques, des tirets, des " +"points et caractères soulignés." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:193 sssd.conf.5.xml:2014 +msgid "re_expression (string)" +msgstr "re_expression (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" +"L'expression régulière par défaut qui décrit la manière d'analyser la chaîne " +"contenant le nom d'utilisateur et de domaine dans ces composants." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:201 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN " +"SECTIONS for more info on these regular expressions." +msgstr "" +"Chaque domaine peut avoir une expression régulière individuelle configurée. " +"Pour certains fournisseurs ID, il y a aussi des expressions régulières par " +"défaut. Voir les SECTIONS DOMAINE pour plus d'informations sur ces " +"expressions régulières." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:210 sssd.conf.5.xml:2065 +msgid "full_name_format (string)" +msgstr "full_name_format (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:213 sssd.conf.5.xml:2068 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" +"Un format compatible avec<citerefentry> <refentrytitle>printf</" +"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> décrivant comment " +"composer un domaine pleinement qualifé à partir des noms d'utilisateur et de " +"domaine." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:224 sssd.conf.5.xml:2079 +msgid "%1$s" +msgstr "%1$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:225 sssd.conf.5.xml:2080 +msgid "user name" +msgstr "nom d'utilisateur" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:228 sssd.conf.5.xml:2083 +msgid "%2$s" +msgstr "%2$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:231 sssd.conf.5.xml:2086 +msgid "domain name as specified in the SSSD config file." +msgstr "" +"nom de domaine tel qu'indiqué dans le fichier de configuration de SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:237 sssd.conf.5.xml:2092 +msgid "%3$s" +msgstr "%3$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:240 sssd.conf.5.xml:2095 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" +"nom de domaine à plat. Utilisable principalement pour les domaines Active " +"Directory, configurés directement ou découverts via les relations " +"d'approbation IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:221 sssd.conf.5.xml:2076 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"Les expansions suivantes sont prises en charge : <placeholder type=" +"\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:250 +msgid "" +"Each domain can have an individual format string configured. see DOMAIN " +"SECTIONS for more info on this option." +msgstr "" +"Chaque domaine peut avoir une chaîne de format individuelle configurée. " +"Voir les SECTIONS DOMAINE pour plus d'informations sur cette option." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:256 +msgid "try_inotify (boolean)" +msgstr "try_inotify (booléen)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:259 +msgid "" +"SSSD monitors the state of resolv.conf to identify when it needs to update " +"its internal DNS resolver. By default, we will attempt to use inotify for " +"this, and will fall back to polling resolv.conf every five seconds if " +"inotify cannot be used." +msgstr "" +"SSSD gère l'état de resolv.conf pour identifier les besoins de mise à jour " +"des résolutions DNS internes. Par défaut, l'utilisation de inotify sera " +"tentée, et reviendra à une interrogation de resolv.conf toutes les cinq " +"secondes si inotify échoue." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:267 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" +"Il existe quelques cas spécifiques où l'utilisation de inotify n'est pas " +"conseillée. Dans ces rares cas, cette option devrait être définie à « false »" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:273 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" +"Par défaut : true sur les plates-formes où inotify est pris en charge. False " +"sur les autres plates-formes." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:277 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" +"Note : cette option n'aura aucun effet sur les plateformes où inotify n'est " +"pas disponible. Sur celles-ci, l'interrogation régulière sera toujours " +"utilisée." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:284 +msgid "krb5_rcache_dir (string)" +msgstr "krb5_rcache_dir (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:287 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" +"Répertoire du système de fichiers où SSSD doit stocker les fichiers de cache " +"de rejeu Kerberos." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:291 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" +"Cette option accepte une valeur spéciale __LIBKRB5_DEFAULTS__ qui indiquera " +"à SSSD de laisser libkrb5 décider l'emplacement approprié pour le cache de " +"relecture." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:297 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" +"Par défaut : paramètre spécifique à la distribution et spécifié au moment de " +"la construction du logiciel. (__LIBKRB5_DEFAULTS__ si non configuré)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 +msgid "user (string)" +msgstr "user (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user." +msgstr "" +"L'utilisation vers lequel abandonner les privilèges pour éviter de " +"fonctionner en tant que l'utilisateur root." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:312 +msgid "Default: not set, process will run as root" +msgstr "Par défaut : non défini, le processus tourne en tant que root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:317 +msgid "default_domain_suffix (string)" +msgstr "default_domain_suffix (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:320 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" +"Cette chaîne servira comme nom de domaine par défaut pour tous les noms sans " +"composant de nom de domaine. Les principaux cas d'utilisation sont les " +"environnements où le domaine principal va permettre de gérer les politiques " +"de systèmes ainsi que tous les utilisateur provenant d'un domaine approuvé. " +"L'option permet à ces utilisateurs de se connecter sans fournir un nom de " +"domaine." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:330 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False." +msgstr "" +"Noter que, si cette option est définie, tous les utilisateurs du domaine " +"principal doivent utiliser leur nom pleinement qualifié, par exemple " +"user@domain.name, pour se connecter. L'utilisation de cette option modifie " +"la valeur par défaut de use_fully_qualified_names à True. Il n'est pas " +"possible ni autorisé d'utiliser cette option avec l'option " +"use_fully_qualified_names à False." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498 +#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:609 +#: sssd-ad.5.xml:679 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550 +#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216 +msgid "Default: not set" +msgstr "Par défaut : non défini" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:344 +msgid "override_space (string)" +msgstr "override_space (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:347 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" +"Ce paramètre remplace les espaces avec le caractère indiqués pour les noms " +"d'utilisateurs et de groupes, par ex. (_). Ainsi, le nom "john " +"doe" deviendra "john_doe". Cette fonctionnalité a été ajoutée " +"pour aider à la compatibilité avec les scripts shells qui ont des " +"difficultés à gérer les espaces, du fait que l'espace est le séparateur par " +"défaut de l'interpréteur de commande." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:356 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:364 +msgid "Default: not set (spaces will not be replaced)" +msgstr "Par défaut : non défini (les espaces ne seront pas remplacées)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:369 +#, fuzzy +#| msgid "ldap_user_certificate (string)" +msgid "certificate_verification (string)" +msgstr "ldap_user_certificate (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:377 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:379 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:389 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +#, fuzzy +#| msgid "Default: not set, i.e. service discovery is disabled" +msgid "Default: not set, i.e. do not restrict certificate vertification" +msgstr "" +"Par défaut : non défini, c'est-à-dire que le service de découverte est " +"désactivé." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:130 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" +"Les fonctionnalités propres à SSSD sont fournies par des services " +"spécifiques SSSD, qui sont démarrés et arrêtés en même temps que SSSD. Les " +"services sont gérés par un service spécifique souvent appelé le " +"<quote>moniteur</quote>. La section <quote>[sssd]</quote> est utilisée pour " +"configurer le moniteur ainsi que certaines options importantes comme " +"l'identité des domaines. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:404 +msgid "SERVICES SECTIONS" +msgstr "SECTIONS DE SERVICES" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:406 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" +"Les options utilisables pour configurer les différents services sont " +"décrites dans cette section. Ils doivent être situés dans la section " +"[<replaceable>$NAME</replaceable>], par exemple pour le service NSS, la " +"section doit être <quote>[nss]</quote>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:413 +msgid "General service configuration options" +msgstr "Options générales de configuration de service" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:415 +msgid "These options can be used to configure any service." +msgstr "Ces options peuvent être utilisées pour configurer les services." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:432 +msgid "fd_limit" +msgstr "fd_limit" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:435 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" +"Cette option spécifie le nombre maximal de descripteurs de fichiers qui " +"peuvent être ouverts en même temps par ce processus SSSD. Sur les systèmes " +"où SSSD se voit accorder la capacité CAP_SYS_RESOURCE, ce sera une limite " +"absolue. Sur les systèmes sans cette capacité, la valeur résultante sera la " +"valeur inférieure ou la limite « hard » de limits.conf." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:444 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "Par défault : 8192 (ou la limite « hard » de limits.conf)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:449 +msgid "client_idle_timeout" +msgstr "client_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:452 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system." +msgstr "" +"Cette option spécifie la durée en secondes pendant laquelle un client d'un " +"processus SSSD peut maintenir un descripteur de fichier ouvert sans " +"communiquer avec. Cette valeur est limitée afin d'éviter l'épuisement des " +"ressources sur le système." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:459 sssd.conf.5.xml:475 sssd.conf.5.xml:507 +#: sssd.conf.5.xml:765 sssd.conf.5.xml:957 sssd.conf.5.xml:1347 +#: sssd-ldap.5.xml:1237 +msgid "Default: 60" +msgstr "Par défaut : 60" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:464 sssd.conf.5.xml:1336 +msgid "force_timeout (integer)" +msgstr "force_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:467 sssd.conf.5.xml:1339 +msgid "" +"If a service is not responding to ping checks (see the <quote>timeout</" +"quote> option), it is first sent the SIGTERM signal that instructs it to " +"quit gracefully. If the service does not terminate after " +"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " +"by sending a SIGKILL signal." +msgstr "" +"Si un service ne répond pas aux vérifications par ping (Cf. l'option " +"<quote>timeout</quote>), le signal SIGTERM est d'abord envoyé de façon à " +"l'arrêter proprement. Si le service ne se termine pas après " +"<quote>force_timeout</quote> secondes, le moniteur sera arrêté violemment à " +"l'aide d'un signal SIGKILL." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:480 +msgid "offline_timeout (integer)" +msgstr "offline_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:483 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. This " +"value is in seconds and calculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:490 +msgid "offline_timeout + random_offset" +msgstr "offline_timeout + random_offset" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "" +"The random offset can increment up to 30 seconds. After each unsuccessful " +"attempt to go online, the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:498 +msgid "new_interval = old_interval*2 + random_offset" +msgstr "new_interval = old_interval*2 + random_offset" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"Note that the maximum length of each interval is currently limited to one " +"hour. If the calculated length of new_interval is greater than an hour, it " +"will be forced to one hour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:512 +msgid "subdomain_inherit (string)" +msgstr "subdomain_inherit (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:515 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:521 +msgid "ignore_group_members" +msgstr "ignore_group_members" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:524 +msgid "ldap_purge_cache_timeout" +msgstr "ldap_purge_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:527 sssd-ldap.5.xml:1054 +msgid "ldap_use_tokengroups" +msgstr "ldap_use_tokengroups" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "ldap_user_principal" +msgstr "ldap_user_principal" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:535 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:533 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "Exemple : <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:539 sssd.conf.5.xml:1001 sssd.conf.5.xml:1026 +#: sssd.conf.5.xml:1045 sssd.conf.5.xml:1330 sssd-ldap.5.xml:1793 +msgid "Default: none" +msgstr "Par défaut : aucun" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:547 +msgid "NSS configuration options" +msgstr "Options de configuration NSS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:549 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" +"Ces options peuvent être utilisées pour configurer le service Name Service " +"Switch (NSS)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "enum_cache_timeout (integer)" +msgstr "enum_cache_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:557 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" +"La durée en secondes pendant laquelle nss_sss doit mettre en cache les " +"énumérations (requêtes sur les informations de tous les utilisateurs)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:561 +msgid "Default: 120" +msgstr "Par défaut : 120" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:566 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "entry_cache_nowait_percentage (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:569 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" +"La valeur du cache peut être définie pour mettre à jour automatiquement les " +"entrées en arrière plan si la requête ne dépasse pas un pourcentage de la " +"valeur de entry_cache_timeout pour le domaine." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:575 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" +"Par exemple, si la valeur entry_cache_timeout du domaine est à 30 secondes " +"et que entry_cache_nowait_percentage est à 50 (%), les entrées qui veulent " +"mettre à jour le cache après 15 secondes seront renvoyées immédiatement, " +"mais SSSD continuera et mettra à jour le cache de lui-même. Ainsi, les " +"prochaines requêtes ne seront pas bloquées en attendant une mise à jour du " +"cache." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:585 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" +"Les valeurs autorisées pour cette option vont de 0 à 99 et représentent un " +"pourcentage de la valeur entry_cache_timeout pour chaque domaine. Pour des " +"raisons de performance, ce pourcentage ne réduira jamais le délai d'attente " +"de non réponse à moins de 10 secondes (0 pour désactiver l'option)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:593 +msgid "Default: 50" +msgstr "Par défaut : 50" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:598 +msgid "entry_negative_timeout (integer)" +msgstr "entry_negative_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:601 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"Spécifie le temps, en secondes, pendant lequel nss_sss doit mettre en cache " +"les résultats négatifs du cache (c'est-à-dire les requêtes pour les bases de " +"données invalides, comme celles qui n'existent pas) avant de faire à nouveau " +"appel au moteur." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:607 sssd.conf.5.xml:1117 +msgid "Default: 15" +msgstr "Par défaut : 15" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:612 +msgid "filter_users, filter_groups (string)" +msgstr "filter_users, filter_groups (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:615 +msgid "" +"Exclude certain users from being fetched from the sss NSS database. This is " +"particularly useful for system accounts. This option can also be set per-" +"domain or include fully-qualified names to filter only users from the " +"particular domain." +msgstr "" +"Exclue certains utilisateurs de la recherche à partir de la base de données " +"sss NSS. Ceci est particulièrement utile pour les comptes système. Cette " +"option peut aussi être définie pour chaque domaine ou inclure des noms de " +"domaines pleinement qualifiés pour filtrer seulement les utilisateurs d'un " +"certain domaine." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:622 +msgid "Default: root" +msgstr "Par défaut : root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:627 +msgid "filter_users_in_groups (bool)" +msgstr "filter_users_in_groups (booléen)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:630 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" +"Mettre cette option à « false » si les utilisateurs filtrés doivent rester " +"membres de groupes." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:641 +msgid "fallback_homedir (string)" +msgstr "fallback_homedir (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:644 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" +"Définir un modèle par défaut pour un répertoire utilisateur si aucun n'est " +"explicitement spécifié par le fournisseur de données du domaine." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:649 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" +"Les valeurs disponibles pour cette option sont les mêmes que pour " +"override_homedir." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:655 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" +"fallback_homedir = /home/%u\n" +" " + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:653 sssd.conf.5.xml:1020 sssd.conf.5.xml:1039 +#: sssd-krb5.5.xml:533 include/override_homedir.xml:55 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "exemple : <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:659 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" +"Par défaut : non défini (aucune substitution pour les répertoires d'accueil " +"non définis)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:665 +msgid "override_shell (string)" +msgstr "override_shell (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:668 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" +"Écrase l'interpréteur de commande à utiliser pour tous les utilisateurs. " +"Cette option prend le pas sur toutes les autres options d'interpréteur de " +"commande si elle est en action, et peut être indiquée au choix soit dans la " +"section [nss], soit par domaine." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:674 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "Par défaut : indéfini (SSSD utilisera la valeur récupérée de LDAP)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:680 +msgid "allowed_shells (string)" +msgstr "allowed_shells (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:683 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" +"Restreindre l'interpréteur de commandes de l'utilisateur à l'une des valeurs " +"indiquées. L'ordre d'évaluation est :" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:686 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" +"1. Si l'interpréteur de commandes est présent dans <quote>/etc/shells</" +"quote>, il est utilisé." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:690 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" +"2. Si l'interpréteur de commandes est dans la liste « allowed_shells » mais " +"n'est pas dans <quote>/etc/shells</quote>, la valeur de repli de « " +"shell_fallback » sera utilisée." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:695 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" +"3. Si l'interpréteur de commandes n'est ni dans la liste « allowed_shells » " +"ni dans <quote>/etc/shells</quote>, une connexion sans shell est utilisée." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:703 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:710 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" +"Une chaîne vide pour l'interpréteur de commandes est passée telle quelle est " +"à la libc." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:713 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" +"Le fichier <quote>/etc/shells</quote> n'est lu qu'au démarrage de SSSD. Un " +"redémarrage de SSSD est nécessaire si un nouvel interpréteur de commandes " +"est installé." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:717 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" +"Par défaut : non défini. L'interpréteur de commandes de l'utilisateur est " +"utilisé automatiquement." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:722 +msgid "vetoed_shells (string)" +msgstr "vetoed_shells (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:725 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "" +"Remplace toutes les occurences de ces interpréteurs de commandes par " +"l'interpréteur de commandes par défaut" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:730 +msgid "shell_fallback (string)" +msgstr "shell_fallback (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:733 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" +"L'interpréteur de commandes par défaut à utiliser si un interpréteur de " +"commandes autorisé n'est pas installé sur la machine." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "Default: /bin/sh" +msgstr "Par défaut : /bin/sh" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +msgid "default_shell" +msgstr "default_shell" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:745 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" +"L'interpréteur de commande par défaut à utiliser si le fournisseur n'en " +"renvoie pas un lors de la recherche. Cette option peut être indiquée au " +"choix soit dans la section [nss], soit par domaine." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:751 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" +"Par défaut : non défini (retourne NULL si aucun shell n'est spécifié et " +"s'appuyer sur la libc pour remplacer par quelque chose de sensé lorsque " +"nécessaire, habituellement /bin/sh)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:758 sssd.conf.5.xml:950 +msgid "get_domains_timeout (int)" +msgstr "get_domains_timeout (int)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:761 sssd.conf.5.xml:953 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" +"Spécifie la durée en secondes pendant laquelle la liste de sous-domaines est " +"jugée valide." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:770 +msgid "memcache_timeout (int)" +msgstr "memcache_timeout (int)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:773 +#, fuzzy +#| msgid "" +#| "Specifies time in seconds for which records in the in-memory cache will " +#| "be valid" +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid." +msgstr "" +"Spécifie la durée en secondes, pour laquelle les enregistrements du cache en " +"mémoire seront valides" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:777 sssd-ldap.5.xml:706 +msgid "Default: 300" +msgstr "Par défaut : 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:780 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:788 sssd-ifp.5.xml:74 +msgid "user_attributes (string)" +msgstr "user_attributes (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:791 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:804 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "Par défaut : non défini, repli sur l'option InfoPipe" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:816 +msgid "PAM configuration options" +msgstr "Options de configuration de PAM" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:818 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" +"Ces options permettent de configurer le service Pluggable Authentication " +"Module (PAM)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:823 +msgid "offline_credentials_expiration (integer)" +msgstr "offline_credentials_expiration (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" +"Si le fournisseur d'authentification est déconnecté, combien de temps " +"autoriser les connexions à partir du cache (en jours depuis la dernière " +"connexion réussie)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:831 sssd.conf.5.xml:844 +msgid "Default: 0 (No limit)" +msgstr "Par défaut : 0 (pas de limite)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:837 +msgid "offline_failed_login_attempts (integer)" +msgstr "offline_failed_login_attempts (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:840 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" +"Si le fournisseur d'authentification est déconnecté, combien de connexions " +"échouées sont autorisées." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:850 +msgid "offline_failed_login_delay (integer)" +msgstr "offline_failed_login_delay (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:853 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" +"Le temps en minutes à attendre après avoir atteint " +"offline_failed_login_attempts avant qu'une nouvelle tentative de connexion " +"soit possible." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" +"Si la valeur est à 0, l'utilisateur ne peut s'authentifier en mode " +"déconnecté si offline_failed_login_attempts est atteint. Seulement une " +"connexion réussie en ligne peut réactiver l'authentification." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:864 sssd.conf.5.xml:917 +msgid "Default: 5" +msgstr "Par défaut : 5" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:870 +msgid "pam_verbosity (integer)" +msgstr "pam_verbosity (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:873 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" +"Contrôle le type de messages affichés à l'utilisateur pendant le processus " +"d'authentification. Plus le nombre est grand, plus le nombre de messages " +"affichés sera important." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "Currently sssd supports the following values:" +msgstr "Actuellement sssd supporte les valeurs suivantes :" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:881 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "<emphasis>0</emphasis> : ne pas afficher de message" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "<emphasis>1</emphasis> : afficher seulement les messages importants" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:888 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "<emphasis>2</emphasis> : afficher les messages d'information" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:891 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" +"<emphasis>3</emphasis> : afficher tous les messages et informations de " +"débogage" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:895 sssd.8.xml:63 +msgid "Default: 1" +msgstr "Par défaut : 1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:900 +msgid "pam_id_timeout (integer)" +msgstr "pam_id_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:903 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" +"Lors de chaque requête PAM quand SSSD est en mode connecté, SSSD tentera de " +"mettre à jour immédiatement les informations d'identité mises en cache pour " +"l'utilisateur de manière à s'assurer que l'authentification se fasse avec " +"les dernières informations." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" +"Une conversation PAM complète peut effectuer plusieurs requêtes PAM, comme " +"la gestion de compte et l'ouverture de session. Cette option contrôle (par " +"client et par application) la durée (en secondes) de mise en cache des " +"informations d'identité afin d'éviter de nombreux aller-retour avec le " +"fournisseur d'identité." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:923 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "pam_pwd_expiration_warning (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:926 sssd.conf.5.xml:1550 +msgid "Display a warning N days before the password expires." +msgstr "Afficher une alerte N jours avant l'expiration du mot de passe." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:929 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" +"Noter que le moteur du service doit fournir des informations à propos du " +"délai d'expiration du mot de passe. Si cette information est manquante, sssd " +"ne peut afficher de message d'alerte." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:935 sssd.conf.5.xml:1553 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" +"Si la valeur est zéro, ce filtre n'est pas appliqué, c'est-à-dire que si " +"l'avertissement d'expiration est reçu de la part du moteur du serveur, il " +"sera automatiquement affiché." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:940 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" +"Ce paramètre peut être surchargé par le paramètre " +"<emphasis>pwd_expiration_warning</emphasis> pour un domaine particulier." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 sssd.conf.5.xml:2291 sssd.8.xml:79 +msgid "Default: 0" +msgstr "Par défaut : 0" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:962 +msgid "pam_trusted_users (string)" +msgstr "pam_trusted_users (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:965 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAM responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:971 +msgid "Default: all (All users are allowed to access the PAM responder)" +msgstr "" +"Par défaut : all (tous les utilisateurs peuvent accéder au répondeur PAM)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:975 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:982 +msgid "pam_public_domains (string)" +msgstr "pam_public_domains (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:985 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:989 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" +"Deux valeurs spéciales pour l'option pam_public_domains sont définies :" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:993 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" +"all (tous les utilisateurs non dignes de confiance sont autorisés à accéder " +"à tous les domaines PAM dans le répondeur.)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:997 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" +"none (les utilisateurs non dignes de confiance, Untrusted, ne sont pas " +"autorisés à accéder à un des domaines PAM dans le répondeur.)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1006 +msgid "pam_account_expired_message (string)" +msgstr "pam_account_expired_message (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1009 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbostiy is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1022 +#, fuzzy, no-wrap +#| msgid "" +#| "pam_account_expired_message = Account expired, please call help desk.\n" +#| " " +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" +"pam_account_expired_message = Account a expiré, merci de contacter votre assistance.\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1031 +#, fuzzy +#| msgid "pam_account_expired_message (string)" +msgid "pam_account_locked_message (string)" +msgstr "pam_account_expired_message (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1041 +#, fuzzy, no-wrap +#| msgid "" +#| "pam_account_expired_message = Account expired, please call help desk.\n" +#| " " +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" +"pam_account_expired_message = Account a expiré, merci de contacter votre assistance.\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1050 +#, fuzzy +#| msgid "pam_id_timeout (integer)" +msgid "p11_child_timeout (integer)" +msgstr "pam_id_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1053 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1066 +msgid "SUDO configuration options" +msgstr "Options de configuration de SUDO" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1068 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Ces options peuvent être utilisées pour configurer le service sudo. Les " +"directives de configuration de <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> dans <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"sont détaillées dans la page de manuel <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1085 +msgid "sudo_timed (bool)" +msgstr "sudo_timed (booléen)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1088 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" +"Évaluation ou non des attributs sudoNotBefore et sudoNotAfter qui utilisent " +"les entrées sudoers sensibles au temps." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1101 +msgid "AUTOFS configuration options" +msgstr "Options de configuration AUTOFS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1103 +msgid "These options can be used to configure the autofs service." +msgstr "Ces options peuvent être utilisées pour configurer le service autofs." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1107 +msgid "autofs_negative_timeout (integer)" +msgstr "autofs_negative_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"Spécifie le délai en secondes pendant lequel le répondeur autofs stocke les " +"réponses négatives (autrement dit, les requêtes pour les entrées de mappage " +"non valide, comme celles qui n'existent pas) avant de demander à nouveau au " +"moteur." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1126 +msgid "SSH configuration options" +msgstr "Options de configuration SSH" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1128 +msgid "These options can be used to configure the SSH service." +msgstr "" +"Les options suivantes peuvent être utilisées pour configurer le service SSH." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1132 +msgid "ssh_hash_known_hosts (bool)" +msgstr "ssh_hash_known_hosts (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1135 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" +"Condenser ou non les noms de systèmes et adresses du fichier known_hosts" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1144 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "ssh_known_hosts_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1147 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" +"La durée en secondes pendant laquelle conserver un système dans le fichier " +"known_hosts géré après que ses clés de système ont été demandés." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1151 +msgid "Default: 180" +msgstr "Par défaut : 180" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1156 +#, fuzzy +#| msgid "mail_dir (string)" +msgid "ca_db (string)" +msgstr "mail_dir (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1159 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1164 +#, fuzzy +#| msgid "Default: /etc/krb5.keytab" +msgid "Default: /etc/pki/nssdb" +msgstr "Par défaut : /etc/krb5.keytab" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1172 +msgid "PAC responder configuration options" +msgstr "Options de configuration du répondeur PAC" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1174 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. " +"If the PAC is decoded and evaluated some of the following operations are " +"done:" +msgstr "" +"Le répondeur PAC fonctionne avec le greffon de données d'autorisation pour " +"sssd_pac_plugin.so MIT Kerberos et un fournisseur de sous-domaine. Le " +"greffon envoie les données PAC au cours d'une authentification GSSAPI au " +"répondeur PAC. Le fournisseur de sous-domaine recueille le SID du domaine et " +"les plages d'ID du domaine auquel le client est lié au et des domaines " +"approuvés distants du contrôleur de domaine local. Si les données PAC sont " +"décodées et évaluées, les opérations suivantes sont effectuées :" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1183 +msgid "" +"If the remote user does not exist in the cache, it is created. The uid is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"gid will have the same value as the uid. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" +"Si l'utilisateur distant n'existe pas dans le cache, il est créé. L'uid est " +"calculé en fonction du SID, les domaines de confiance auront des groupes " +"d'utilisateurs privés, et le gid aura la même valeur que l'uid. Le " +"répertoire utilisateur est défini en fonction du paramètre " +"subdomain_homedir. Le shell sera vide par défaut, permettant l'utilisation " +"de la valeur par défaut du système, mais peut être remplacé par le paramètre " +"default_shell." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1191 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" +"S'il y a des SID de groupes des domaines connus de sssd, l'utilisateur sera " +"ajouté à ces groupes." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1197 +msgid "These options can be used to configure the PAC responder." +msgstr "" +"Les options suivantes peuvent être utilisées pour configurer le répondeur " +"PAC." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1201 sssd-ifp.5.xml:50 +msgid "allowed_uids (string)" +msgstr "allowed_uids (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1204 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" +"Spécifie la liste séparée par des virgules des UID ou noms d'utilisateurs " +"qui sont autorisés à accéder au répondeur PAC. Les noms d'utilisateurs " +"seront résolus en UID au démarrage." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1210 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" +"Par défaut : 0 (seul l'utilisateur root est autorisé à accéder au répondeur " +"PAC)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1214 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" +"Noter que bien que l'UID 0 est utilisé par défaut, il sera remplacé par " +"cette option. Si vous voulez continuer à permettre à l'utilisateur root à " +"accéder au répondeur PAC, ce qui serait un cas habituel, vous devez ajouter " +"0 à la liste des UID d'utilisateurs autorisés." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:1228 +msgid "DOMAIN SECTIONS" +msgstr "SECTIONS DOMAINES" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1235 +msgid "min_id,max_id (integer)" +msgstr "min_id,max_id (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1238 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" +"Limites UID et GID pour le domaine. Si un domaine contient une entrée en " +"dehors de ces limites, elle est ignorée." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" +"Pour les utilisateurs, cela affecte la limite des GID primaires. " +"L'utilisateur ne sera pas renvoyé vers NSS si l'UID ou le GID primaire sont " +"en dehors de la plage. Pour l'appartenance à un groupe non primaire, ceux " +"qui sont dans la plage seront rapportés comme prévu." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1250 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" +"Ces limites d'identifiants affecte aussi les mises en cache des entrées, et " +"pas seulement leur recherche par nom ou identifiant." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1254 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "Default: 1 for min_id, 0 (no limit) for max_id" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1260 +msgid "enumerate (bool)" +msgstr "enumerate (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1263 +msgid "" +"Determines if a domain can be enumerated. This parameter can have one of the " +"following values:" +msgstr "" +"Détermine si un domaine peut être énuméré. Ce paramètre peut avoir une des " +"valeurs suivantes :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1267 +msgid "TRUE = Users and groups are enumerated" +msgstr "TRUE = utilisateurs et groupes sont énumérés" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1270 +msgid "FALSE = No enumerations for this domain" +msgstr "FALSE = aucune énumération pour ce domaine" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1273 sssd.conf.5.xml:1505 sssd.conf.5.xml:1672 +msgid "Default: FALSE" +msgstr "Par défaut : FALSE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1276 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed." +msgstr "" +"Note : activer l'énumération a un impact modéré sur les performances de SSSD " +"lorsque l'énumération est en cours. Plusieurs minutes peuvent être " +"nécessaires après le démarrage de SSSD pour terminer l'énumération complète. " +"Pendant ce temps, les requêtes individuelles pour des informations iront " +"directement vers LDAP, bien que plus lent et ce à cause de la charge " +"importante liée au processus d'énumération. Le fait de mettre un grand " +"nombre d'entrées en cache lorsque l'énumération est terminée peut être " +"également intensif pour le CPU, car les appartenances aux groupes doivent " +"être recalculées." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1289 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" +"Lorsque la première énumération est en cours, les requêtes pour des listes " +"utilisateurs ou de groupes peuvent retourner des résultats vides avant que " +"l'énumération ne se termine." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1294 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" +"De plus, activer l'énumération peut augmenter le temps nécessaire pour " +"détecter la déconnexion d'un réseau, puisque des délais d'attente supérieurs " +"sont nécessaires pour s'assurer que les requêtes d'énumération se terminent " +"avec succès. Pour plus d'informations, se référer au manuel pour le " +"fournisseur d'identité spécifique utilisé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1302 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" +"Pour les raisons citées plus haut, l'activation de l'énumération est " +"déconseillée, surtout dans les environnements de grande taille." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1310 +msgid "subdomain_enumerate (string)" +msgstr "subdomain_enumerate (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1317 +msgid "all" +msgstr "all" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1318 +msgid "All discovered trusted domains will be enumerated" +msgstr "Tous les domaines approuvés découverts seront énumérés" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1321 +msgid "none" +msgstr "none" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1322 +msgid "No discovered trusted domains will be enumerated" +msgstr "Aucun domaine approuvé découvert ne sera énuméré" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1313 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" +"Les domaines approuvés auto-détectés doivent-ils être énumérés ?\n" +"Les valeurs prises en charge sont : <placeholder type=\"variablelist\" id=" +"\"0\"/> \n" +"De manière facultative, une liste d'un ou plusieurs noms de domaines peut " +"activer l'énumération pour ces seuls domaines." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1353 +msgid "entry_cache_timeout (integer)" +msgstr "entry_cache_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1356 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" +"La durée en secondes pendant laquelle nss_sss doit considérer les entrées " +"comme valides avant de les redemander au moteur" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1360 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" +"Les horodatages d'expiration de cache sont stockés en tant qu'attributs des " +"objets individuels dans le cache. Il en découle que la modification du délai " +"d'expiration du cache ne sera pris en compte que pour les entrées qui y sont " +"nouvellement ajoutées, ou pour celles qui ont expiré. Vous devriez utiliser " +"l'outil <citerefentry> <refentrytitle>sss_cache</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> de manière à forcer un " +"rafraîchissement des entrées qui sont déjà en cache." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1373 +msgid "Default: 5400" +msgstr "Par défaut : 5400" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1379 +msgid "entry_cache_user_timeout (integer)" +msgstr "entry_cache_user_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1382 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" +"La durée en secondes pendant laquelle nss_sss doit considérer les entrées " +"d'utilisateurs comme valides avant de les redemander au moteur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1386 sssd.conf.5.xml:1399 sssd.conf.5.xml:1412 +#: sssd.conf.5.xml:1425 sssd.conf.5.xml:1438 sssd.conf.5.xml:1452 +#: sssd.conf.5.xml:1466 +msgid "Default: entry_cache_timeout" +msgstr "Par défaut : entry_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1392 +msgid "entry_cache_group_timeout (integer)" +msgstr "entry_cache_group_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1395 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" +"La durée en secondes pendant laquelle nss_sss doit considérer les entrées de " +"groupes comme valides avant de les redemander au moteur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1405 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "entry_cache_netgroup_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1408 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" +"La durée en secondes pendant laquelle nss_sss doit considérer les entrées de " +"netgroup comme valides avant de les redemander au moteur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1418 +msgid "entry_cache_service_timeout (integer)" +msgstr "entry_cache_service_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1421 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" +"La durée en secondes pendant laquelle nss_sss doit considérer les entrées de " +"service valides avant de les redemander au moteur" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1431 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "entry_cache_sudo_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" +"La durée en secondes pendant laquelle sudo doit considérer les règles comme " +"valides avant de les redemander au moteur" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1444 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "entry_cache_autofs_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1447 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" +"La durée en secondes pendant laquelle le service autofs doit considérer les " +"cartes d'automontage comme valides avant de les redemander au moteur" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1458 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "entry_cache_ssh_host_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" +"La durée en secondes pendant laquelle conserver une clé ssh d'hôte après " +"rafraichissement. I.e. combien de temps mettre la clé en cache." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1472 +msgid "refresh_expired_interval (integer)" +msgstr "refresh_expired_interval (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1475 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" +"Indique la durée en secondes pendant laquelle SSSD doit attendre avant de " +"déclencher une tâche en arrière-plan qui rafraichira tous les " +"enregistrements expirés ou sur le point de l'être." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1480 +msgid "" +"The background refresh will process users, groups and netgroups in the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1484 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" +"Il est envisageable de configurer cette valeur à 3/4 * entry_cache_timeout." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1488 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227 +msgid "Default: 0 (disabled)" +msgstr "Par défaut : 0 (désactivé)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1494 +msgid "cache_credentials (bool)" +msgstr "cache_credentials (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1497 +msgid "Determines if user credentials are also cached in the local LDB cache" +msgstr "" +"Détermine si les données d'identification de l'utilisateur sont aussi mis en " +"cache dans le cache LDB local" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1501 +msgid "User credentials are stored in a SHA512 hash, not in plaintext" +msgstr "" +"Les informations d'identification utilisateur sont stockées dans une table " +"de hachage SHA512, et non en texte brut" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1511 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1514 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1521 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1526 +msgid "Default: 8" +msgstr "Par défaut : 8" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1532 +msgid "account_cache_expiration (integer)" +msgstr "account_cache_expiration (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1535 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" +"Durée en jours pendant laquelle les entrées sont stockées dans le cache " +"après la dernière connexion réussie, avant d'être enlevées lors du nettoyage " +"du cache. 0 signifie qu'elles sont conservées indéfiniment. La valeur de ce " +"paramètre doit être supérieur ou égal à offline_credentials_expiration." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1542 +msgid "Default: 0 (unlimited)" +msgstr "Par défaut : 0 (illimité)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1547 +msgid "pwd_expiration_warning (integer)" +msgstr "pwd_expiration_warning (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1558 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" +"Veuillez noter que le moteur du service doit fournir des informations à " +"propos du délai d'expiration du mot de passe. Si cette information est " +"manquante, sssd ne peut afficher de message d'alerte. De plus, un " +"fournisseur oauth doit être configuré pour le moteur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1565 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "Par défaut : 7 (Kerberos), 0 (LDAP)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1571 +msgid "id_provider (string)" +msgstr "id_provider (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1574 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" +"Le fournisseur d'identification utilisé pour le domaine. Les fournisseurs " +"d'identification pris en charge sont :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1578 +msgid "<quote>proxy</quote>: Support a legacy NSS provider" +msgstr "<quote>proxy</quote> : prise en charge de l'ancien fournisseur NSS" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1581 sssd.conf.5.xml:1718 +msgid "<quote>local</quote>: SSSD internal provider for local users" +msgstr "" +"<quote>local</quote> : Fournisseur interne SSSD pour les utilisateurs locaux" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1585 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> : fournisseur LDAP. Cf. " +"<citerefentry><refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> pour plus d'informations sur la configuration de " +"LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1593 sssd.conf.5.xml:1698 sssd.conf.5.xml:1753 +#: sssd.conf.5.xml:1806 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"FreeIPA." +msgstr "" +"<quote>ipa</quote> : fournisseur FreeIPA et Red Hat Enterprise Identity " +"Management. Cf. <citerefentry><refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> pour plus d'informations sur la " +"configuration de FreeIPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 sssd.conf.5.xml:1707 sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1815 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" +"<quote>ad</quote> : fournisseur Active Directory. Cf. " +"<citerefentry><refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> pour plus d'informations sur la configuration " +"d'Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "use_fully_qualified_names (bool)" +msgstr "use_fully_qualified_names (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" +"Utiliser le nom complet et le domaine (comme formaté par le paramètre " +"full_name_format du domaine) comme nom de connexion de l'utilisateur " +"communiqué à NSS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1621 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" +"Si défini à TRUE, toutes les requêtes pour ce domaine doivent utiliser des " +"noms pleinement qualifiés. Par exemple, pour un utilisateur « test » dans un " +"domaine LOCAL, <command>getent passwd test</command> ne trouvera pas " +"l'utilisateur avant que <command>getent passwd test@LOCAL</command> ne le " +"trouve." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1629 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" +"NOTE : Cette option n'a pas d'effet sur les recherches de netgroups, du fait " +"de leur tendance à inclure des groupes imbriqués sans noms qualifiés. Pour " +"les netgroups, la recherche se fera dans tous les domaines lorsqu'un nom non " +"qualifié sera demandé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1636 +msgid "Default: FALSE (TRUE if default_domain_suffix is used)" +msgstr "Par défaut : false (true si default_domain_suffix est utilisée)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1642 +msgid "ignore_group_members (bool)" +msgstr "ignore_group_members (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "Do not return group members for group lookups." +msgstr "Ne pas envoyer les membres des groupes sur les recherches de groupes." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1648 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1666 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1677 +msgid "auth_provider (string)" +msgstr "auth_provider (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1680 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" +"Le fournisseur d'authentification utilisé pour le domaine. Les fournisseurs " +"pris en charge sont :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 sssd.conf.5.xml:1746 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> pour une authentification LDAP native. Cf. " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> pour plus d'informations sur la configuration de " +"LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1691 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> pour une authentification Kerberos. Cf. <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> pour plus d'informations sur la configuration de Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1715 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" +"<quote>proxy</quote> pour relayer l'authentification vers d'autres cibles " +"PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1722 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "<quote>none</quote> désactive l'authentification explicitement." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1725 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" +"Par défaut : <quote>id_provider</quote> est utilisé s'il est défini et peut " +"gérer les requêtes d'authentification." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1731 +msgid "access_provider (string)" +msgstr "access_provider (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1734 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" +"Le fournisseur de contrôle d'accès utilisé pour le domaine. Il y a deux " +"fournisseurs d'accès natifs (en plus de ceux disponibles dans les moteurs " +"installés). Les fournisseurs internes spécifiques sont :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1740 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" +"<quote>permit</quote> toujours autoriser l'accès. C'est le seul fournisseur " +"d'accès autorisé pour un domaine local." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1743 +msgid "<quote>deny</quote> always deny access." +msgstr "<quote>deny</quote> toujours refuser les accès." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1770 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" +"Contrôle d'accès <quote>simple</quote> basé sur des listes d'autorisations " +"ou de refus d'accès. Cf. <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> pour plus " +"d'informations sur la configuration du module d'accès simple." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1777 +msgid "Default: <quote>permit</quote>" +msgstr "Par défaut : <quote>permit</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1782 +msgid "chpass_provider (string)" +msgstr "chpass_provider (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1785 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" +"Le fournisseur qui doit gérer le changement des mots de passe pour le " +"domaine. Les fournisseurs pris en charge sont :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1790 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> pour modifier un mot de passe stocké sur un serveur " +"LDAP. Cf. <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> pour plus d'informations sur la " +"configuration LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1798 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> pour changer le mot de passe Kerberos. Cf. " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> pour plus d'informations sur la configuration de " +"Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1823 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" +"<quote>proxy</quote> pour relayer le changement de mot de passe vers une " +"autre cible PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1827 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "" +"<quote>none</quote> pour désactiver explicitement le changement de mot de " +"passe." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1830 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" +"Par défaut : <quote>auth_provider</quote> est utilisé si il est défini et " +"peut gérer les changements de mot de passe." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1837 +msgid "sudo_provider (string)" +msgstr "sudo_provider (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1840 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" +"Le fournisseur SUDO, utilisé pour le domaine. Les fournisseurs SUDO pris en " +"charge sont :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1844 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> pour les règles stockés dans LDAP. Voir " +"<citerefentry><refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> pour plus d'informations sur la configuration de " +"LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1852 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" +"<quote>ipa</quote> identiqué à <quote>ldap</quote> mais avec les paramètres " +"par défaut pour IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1856 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" +"<quote>ipa</quote> identiqué à <quote>ldap</quote> mais avec les paramètres " +"par défaut pour AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1860 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "<quote>none</quote> désactive explicitement SUDO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1863 sssd.conf.5.xml:1941 sssd.conf.5.xml:1982 +#: sssd.conf.5.xml:2007 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" +"Par défaut : La valeur de <quote>id_provider</quote> est utilisée si elle " +"est définie." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1867 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1884 +msgid "selinux_provider (string)" +msgstr "selinux_provider (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1887 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" +"Le fournisseur qui doit gérer le chargement des paramètres de selinux. " +"Remarque : ce fournisseur sera appelé juste après la fin de l'appel au " +"fournisseur d'accès. Les fournisseurs selinux pris en charge sont :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1893 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> pour charger les paramètres selinux depuis un serveur " +"IPA. Cf. <citerefentry><refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> pour plus d'informations sur la configuration de " +"IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1901 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" +"<quote>none</quote> n'autorise pas la récupération explicite des paramètres " +"selinux." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1904 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" +"Par défaut : <quote>id_provider</quote> est utilisé s'il est défini et peut " +"gérer le chargement selinux" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1910 +msgid "subdomains_provider (string)" +msgstr "subdomains_provider (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1913 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" +"Le fournisseur doit être capable de gérer la récupération des sous-" +"domaines. Cette valeur doit être toujours identique à id_provider. Les " +"fournisseurs de sous-domaine pris en charge sont :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1919 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> pour charger une liste de sous-domaines depuis un serveur " +"IPA. Cf. <citerefentry><refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> pour plus d'informations sur la configuration de " +"IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1928 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1937 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" +"<quote>none</quote> désactive la récupération explicite des sous-domaines." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1948 +msgid "autofs_provider (string)" +msgstr "autofs_provider (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1951 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" +"Le fournisseur autofs utilisé pour le domaine. Les fournisseurs autofs pris " +"en charge sont :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1955 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> pour charger les cartes stockées dans LDAP. Cf. " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> pour plus d'informations sur la configuration de " +"LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> pour charger les cartes stockées sur un serveur IPA. Cf. " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> pour plus d'information sur la configuration de " +"IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1970 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote> to load maps stored in an IPA server. See " +#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> for more information on configuring IPA." +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" +"<quote>ipa</quote> pour charger les cartes stockées sur un serveur IPA. Cf. " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> pour plus d'information sur la configuration de " +"IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1979 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "<quote>none</quote> désactive explicitement autofs." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1989 +msgid "hostid_provider (string)" +msgstr "hostid_provider (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1992 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" +"Le fournisseur utilisé pour récupérer les informations d'identité des " +"systèmes. Les fournisseurs de hostid pris en charge sont :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1996 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> pour charge l'identité du système stockée sur un serveur " +"IPA. Cf. <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> pour plus d'informations sur la " +"configuration de IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2004 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "<quote>none</quote> désactive explicitement hostid." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2017 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" +"L'expression rationnelle pour ce domaine qui décrit comment analyser la " +"chaîne contenant le nom d'utilisateur et domaine et en extraire ces " +"composants. Le « domaine » peut correspondre à soit au nom de domaine de la " +"configuration SSSD, ou, dans le cas de relations d'approbations avec des " +"sous-domaines IPA ou des domaines Active Directory, le nom plat (NetBIOS) du " +"domaine." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +"P<name>[^@\\\\]+)$))</quote> which allows three different styles for " +"user names:" +msgstr "" +"Valeur par défaut pour les fournisseurs AD et IPA : <quote>(((?P<" +"domain>[^\\\\]+)\\\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<" +"domain>.+$))|(^(?P<name>[^@\\\\]+)$))</quote> qui utilisent trois " +"styles différents pour les noms d'utilisateurs :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2031 +msgid "username" +msgstr "username" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2034 +msgid "username@domain.name" +msgstr "username@domain.name" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "domain\\username" +msgstr "domain\\username" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" +"Bien que les deux premiers correspondent à la valeur par défaut en général " +"le troisième est introduit pour permettre une intégration facile des " +"utilisateurs de domaines Windows." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2045 +msgid "" +"Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +"which translates to \"the name is everything up to the <quote>@</quote> " +"sign, the domain everything after that\"" +msgstr "" +"Par défaut : <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +"qui se traduit par « peu importe le nom jusqu'au <quote>@</quote>, peu " +"importe le domaine après »" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2051 +msgid "" +"PLEASE NOTE: the support for non-unique named subpatterns is not available " +"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " +"version 7 or higher can support non-unique named subpatterns." +msgstr "" +"REMARQUE : la prise en charge de sous-motifs nommés multiples n'est pas " +"disponible sur certaines plates-formes (par exemple, RHEL5 et SLES10). " +"Seules les plates-formes avec libpcre version 7 ou supérieure peuvent " +"prendre en charge les sous-motifs nommés multiples." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2058 +msgid "" +"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" +"P<name>) to label subpatterns." +msgstr "" +"REMARQUE ADDITIONNELLE : les anciennes versions de libpcre ne supportent que " +"la syntaxe Python (?P<name>) pour nommer les sous-motifs." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2105 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "Par défaut : <quote>%1$s@%2$s</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2111 +msgid "lookup_family_order (string)" +msgstr "lookup_family_order (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2114 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" +"Fournit la possibilité de sélectionner la famille d'adresse préférée à " +"utiliser pour effectuer les requêtes DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2118 +msgid "Supported values:" +msgstr "Valeurs prises en charge :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2121 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" +"ipv4_first : essayer de chercher une adresse IPv4, et en cas d'échec, " +"essayer IPv6." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2124 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" +"ipv4_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv4." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2127 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" +"ipv6_first : essayer de chercher une adresse IPv6, et en cas d'échec, tenter " +"IPv4." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2130 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" +"ipv6_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv6." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2133 +msgid "Default: ipv4_first" +msgstr "Par défaut : ipv4_first" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2139 +msgid "dns_resolver_timeout (integer)" +msgstr "dns_resolver_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2142 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the DNS " +"resolver before assuming that it is unreachable. If this timeout is reached, " +"the domain will continue to operate in offline mode." +msgstr "" +"Délai (en secondes) d'attente de la réponse du résolveur DNS avant de " +"considérer qu'il est injoignable. Si ce délai maximum est atteint, le " +"domaine continuera à opérer en mode déconnecté." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2148 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263 +#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248 +msgid "Default: 6" +msgstr "Par défaut : 6" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2154 +msgid "dns_discovery_domain (string)" +msgstr "dns_discovery_domain (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2157 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" +"Si la découverte de services est utilisé par le moteur, spécifie la partie " +"du domaine faisant partie de la requête DNS de découverte de services." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2161 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" +"Par défaut : utiliser la partie du domaine qui est dans le nom de système de " +"la machine." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2167 +msgid "override_gid (integer)" +msgstr "override_gid (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2170 +msgid "Override the primary GID value with the one specified." +msgstr "Redéfinit le GID primaire avec la valeur spécifiée." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2176 +msgid "case_sensitive (string)" +msgstr "case_sensitive (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2184 +msgid "True" +msgstr "True" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2187 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2193 +msgid "False" +msgstr "False" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2195 +msgid "Case insensitive." +msgstr "Insensible à la casse." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2199 +msgid "Preserving" +msgstr "Preserving" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2202 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" +"Comme False (insensible à la casse), mais ne convertit pas les noms en " +"minuscules lors des opérations NSS. Notez que les alias de noms (et dans le " +"cas des services les noms de protocoles) sont toujours en minuscule dans la " +"sortie." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2179 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2214 +msgid "Default: True (False for AD provider)" +msgstr "Par défaut : true (false pour le fournisseur AD)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2220 +msgid "proxy_fast_alias (boolean)" +msgstr "proxy_fast_alias (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2223 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" +"Quand un utilisateur ou un groupe est recherché par son nom dans le " +"fournisseur proxy, une deuxième recherche par ID est effectuée pour " +"récupérer le nom canonique, dans le cas où le nom demandé serait un alias. " +"Cette option positionnée à true active la recherche par l'ID dans le cache " +"afin d'améliorer les performances." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2237 +msgid "subdomain_homedir (string)" +msgstr "subdomain_homedir (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2248 +msgid "%F" +msgstr "%F" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2249 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "nom plat (NetBIOS) d'un sous-domaine." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2240 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" +"Utiliser ce répertoire utilisateur comme valeur par défaut pour tous les " +"sous-domaines dans cette relation d'approbation Active Directory. Voir " +"<emphasis>override_homedir</emphasis> pour des informations sur les valeurs " +"possibles. En plus de celles-ci, le remplacement ci-dessous ne peut être " +"utilisé qu'avec <emphasis>subdomain_homedir</emphasis>. <placeholder type=" +"\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2254 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" +"La valeur peut être surchargée par l'option <emphasis>override_homedir</" +"emphasis>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2258 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "Par défaut : <filename>/home/%d/%u</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2263 +msgid "realmd_tags (string)" +msgstr "realmd_tags (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2266 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" +"Étiquettes diverses stockées par le service de configuration de realmd pour " +"ce domaine." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2272 +#, fuzzy +#| msgid "memcache_timeout (int)" +msgid "cached_auth_timeout (int)" +msgstr "memcache_timeout (int)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2275 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2281 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2285 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1230 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Ces options de configuration peuvent être présentes dans la section de " +"configuration du domaine, c'est-à-dire dans la section nommée <quote>[domain/" +"<replaceable>NAME</replaceable>]</quote> <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2303 +msgid "proxy_pam_target (string)" +msgstr "proxy_pam_target (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2306 +msgid "The proxy target PAM proxies to." +msgstr "Le proxy cible duquel PAM devient mandataire." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2309 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here." +msgstr "" +"Par défaut : non défini, il faut utiliser une configuration de pam existante " +"ou en créer une nouvelle et ajouter le nom de service ici." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2317 +msgid "proxy_lib_name (string)" +msgstr "proxy_lib_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2320 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" +"Le nom de la bibliothèque NSS à utiliser dans les domaines proxy. Les " +"recherches de fonctions NSS dans la bibliothèque sont sous la forme _nss_" +"$(libName)_$(function), par exemple _nss_files_getpwent." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2299 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" id=" +"\"0\"/>" +msgstr "" +"Options valides pour les domaines proxy. <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2332 +msgid "The local domain section" +msgstr "La section du domaine local" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2334 +msgid "" +"This section contains settings for domain that stores users and groups in " +"SSSD native database, that is, a domain that uses " +"<replaceable>id_provider=local</replaceable>." +msgstr "" +"Cette section contient les paramètres pour le domaine qui stocke les " +"utilisateurs et les groupes dans la base de données native SSSD, c'est-à-" +"dire un domaine qui utilise <replaceable>id_provider=local</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2341 +msgid "default_shell (string)" +msgstr "default_shell (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2344 +msgid "The default shell for users created with SSSD userspace tools." +msgstr "" +"L'interpréteur de commandes par défaut pour les utilisateurs créés avec les " +"outils en espace utilisateur SSSD." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2348 +msgid "Default: <filename>/bin/bash</filename>" +msgstr "Par défaut : <filename>/bin/bash</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2353 +msgid "base_directory (string)" +msgstr "base_directory (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2356 +msgid "" +"The tools append the login name to <replaceable>base_directory</replaceable> " +"and use that as the home directory." +msgstr "" +"Les outils ajoutent le nom d'utilisateur à <replaceable>base_directory</" +"replaceable> et l'utilisent comme dossier personnel." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2361 +msgid "Default: <filename>/home</filename>" +msgstr "Par défaut : <filename>/home</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2366 +msgid "create_homedir (bool)" +msgstr "create_homedir (booléen)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2369 +msgid "" +"Indicate if a home directory should be created by default for new users. " +"Can be overridden on command line." +msgstr "" +"Indique si un dossier personnel doit être créé par défaut pour les nouveaux " +"utilisateurs. Peut être outrepassé par la ligne de commande." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2373 sssd.conf.5.xml:2385 +msgid "Default: TRUE" +msgstr "Par défaut : TRUE" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2378 +msgid "remove_homedir (bool)" +msgstr "remove_homedir (booléen)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2381 +msgid "" +"Indicate if a home directory should be removed by default for deleted " +"users. Can be overridden on command line." +msgstr "" +"Indiquer si un dossier personnel doit par défaut être supprimé à la " +"suppression des utilisateurs. Peut être outrepassé par la ligne de commande." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2390 +msgid "homedir_umask (integer)" +msgstr "homedir_umask (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2393 +msgid "" +"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " +"on a newly created home directory." +msgstr "" +"Utilisé par <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> pour spécifier les permissions par " +"défaut sur un répertoire personnel nouvellement créé." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2401 +msgid "Default: 077" +msgstr "Par défaut : 077" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2406 +msgid "skel_dir (string)" +msgstr "skel_dir (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2409 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>" +msgstr "" +"Le répertoire squelette contenant les fichiers et répertoires à copier dans " +"le répertoire personnel de l'utilisateur une fois ce répertoire créé par " +"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2419 +msgid "Default: <filename>/etc/skel</filename>" +msgstr "Par défaut : <filename>/etc/skel</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2424 +msgid "mail_dir (string)" +msgstr "mail_dir (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2427 +msgid "" +"The mail spool directory. This is needed to manipulate the mailbox when its " +"corresponding user account is modified or deleted. If not specified, a " +"default value is used." +msgstr "" +"Le répertoire de gestion des e-mails. Nécessaire pour manipuler les boîtes e-" +"mail quand les comptes utilisateurs sont modifiés ou supprimés. Si non " +"précisé, la valeur par défaut est utilisée." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2434 +msgid "Default: <filename>/var/mail</filename>" +msgstr "Par défaut : <filename>/var/mail</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2439 +msgid "userdel_cmd (string)" +msgstr "userdel_cmd (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2442 +msgid "" +"The command that is run after a user is removed. The command us passed the " +"username of the user being removed as the first and only parameter. The " +"return code of the command is not taken into account." +msgstr "" +"La commande qui est exécutée quand un utilisateur est supprimé. La commande " +"a comme seul argument le nom de l'utilisateur qui doit être supprimé. Le " +"code en retour de la commande n'est pas pris en compte." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2448 +msgid "Default: None, no command is run" +msgstr "Par défaut : None, aucune commande lancée" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2458 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131 +#: sssd-ipa.5.xml:717 sssd-ad.5.xml:955 sssd-krb5.5.xml:564 +#: sss_rpcidmapd.5.xml:98 +msgid "EXAMPLE" +msgstr "EXEMPLE" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:2464 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2460 +msgid "" +"The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" +"L'exemple suivant montre une configuration SSSD classique. Il ne décrit pas " +"la configuration des domaines. Se référer à la documentation sur la " +"configuration des domaines pour plus de détails. <placeholder type=" +"\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "sssd-ldap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "Fournisseur LDAP SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" +"Ce manuel décrit la configuration des domaines LDAP pour <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>. Se référer à la section <quote>FILE FORMAT</quote> du manuel " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> pour des informations sur la syntaxe détaillée." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "" +"Il est possible de configurer SSSD pour utiliser plus d'un domaine LDAP." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. If the LDAP server is used only as an identity " +"provider, an encrypted channel is not needed. Please refer to " +"<quote>ldap_access_filter</quote> config option for more information about " +"using LDAP as an access provider." +msgstr "" +"Le moteur de traitement LDAP prend en charge les fournisseurs id, auth, " +"access et chpass. Si vous voulez vous authentifier sur un serveur LDAP, il " +"vous faut utiliser TLS/SSL ou LDAPS. <command>sssd</command> <emphasis>ne " +"prend pas en charge</emphasis> l'authentification sur un canal non chiffré. " +"Si le serveur LDAP est utilisé seulement comme fournisseur d'identité, un " +"canal crypté n'est pas nécessaire. Se référer aux options de configurations " +"<quote>ldap_access_filter</quote> pour plus d'information sur l'utilisation " +"en tant que fournisseur d'accès." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 +msgid "CONFIGURATION OPTIONS" +msgstr "OPTIONS DE CONFIGURATION" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:60 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "ldap_uri, ldap_backup_uri (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:63 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" +"Spécifie par ordre de préférence la liste séparée par des virgules d'URI des " +"serveurs LDAP auquel doit se connecter SSSD. Se reporter à la section de " +"<quote>BASCULE</quote> pour plus d'informations sur le repli et la " +"redondance de serveurs. Si aucune de ces options n'est spécifiée, la " +"découverte d'un service est activé. Pour plus d'informations, se reporter à " +"la section de <quote>DÉCOUVERTE DE SERVICE</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" +"Le format de l'URI doit correspondre au format définit dans la RFC 2732 :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:73 +msgid "ldap[s]://<host>[:port]" +msgstr "ldap[s]://<host>[:port]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:76 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" +"Pour les adresses explicitement en IPv6, le composant <host> doit être " +"entre crochets []" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:79 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "exemple : ldap://[fc00::126:25]:389" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:85 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:88 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" +"Spécifie la liste d'URI séparée par des virgules des serveurs LDAP auquel " +"doit se connecter DSSD par ordre de préférence pour changer le mot de passe " +"d'un utilisateur. Reportez-vous à la section de <quote>bascule</quote> pour " +"plus d'informations sur le repli et la redondance de serveurs." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" +"Pour activer la découverte de services, ldap_chpass_dns_service_name doit " +"être défini." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:99 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "Par défaut : vide, ldap_uri est donc utilisé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:105 +msgid "ldap_search_base (string)" +msgstr "ldap_search_base (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:108 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" +"Le DN de base par défaut à utiliser pour effectuer les opérations LDAP sur " +"les utilisateurs." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:112 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" +"À partir de SSSD 1.7.0, SSSD prend en charge plusieurs bases de recherche à " +"l'aide de la syntaxe :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:116 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "La portée peut être l'une des « base », « onelevel » ou « subtree »." + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" +"Le filtre doit être un filtre de recherche LDAP valide tel que spécifié par " +"http://www.ietf.org/rfc/rfc2254.txt" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220 +#: sss_override.8.xml:135 sss_override.8.xml:232 +msgid "Examples:" +msgstr "Exemples :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:129 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" +"ldap_search_base = dc=example,dc=com (ce qui équivaut à) ldap_search_base = " +"dc=example,dc=com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:134 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:137 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" +"Remarque : Il est n'est pas possible d'avoir plusieurs bases de recherche " +"qui référencent des objets portant le même nom (par exemple, les groupes " +"portant le même nom dans deux bases de recherche différents). Cela conduira " +"à un comportement imprévisible sur les ordinateurs clients." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" +"Par défaut : si non définie, les valeurs des attributs defaultNamingContext " +"ou namingContexts du RootDSE du serveur LDAP sont utilisées. Si " +"defaultNamingContext n'existe pas ou a une valeur vide, namingContexts est " +"utilisé. Les attributs namingContexts doivent avoir une seule valeur avec un " +"DN de base de recherche pour le serveur LDAP pour que cela fonctionne. Des " +"valeurs multiples ne sont pas permises." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:158 +msgid "ldap_schema (string)" +msgstr "ldap_schema (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:161 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" +"Spécifie le type de schéma utilisé sur le serveur LDAP cible. Selon le " +"schéma sélectionné, les noms d'attributs par défaut provenant des serveurs " +"peuvent varier. La manière dont certains attributs sont traités peut-être " +"également différer." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "Four schema types are currently supported:" +msgstr "Quatre types de schéma sont actuellement pris en charge :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:172 +msgid "rfc2307" +msgstr "rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:177 +msgid "rfc2307bis" +msgstr "rfc2307bis" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:182 +msgid "IPA" +msgstr "IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:187 +msgid "AD" +msgstr "AD" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:193 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" +"La principale différence entre ces types de schéma est la façon dont les " +"appartenances aux groupes sont enregistrés dans le serveur. Avec rfc2307, " +"les membres du groupe sont répertoriées par nom dans l'attribut " +"<emphasis>memberUid</emphasis>. Avec rfc2307bis et IPA, les membres du " +"groupe sont répertoriés par DN et stockées dans l'attribut de " +"<emphasis>member</emphasis>. Le type de schéma AD définit les attributs " +"correspondant aux valeurs d'Active Directory 2008r2." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:203 +msgid "Default: rfc2307" +msgstr "Par défaut : rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:209 +msgid "ldap_default_bind_dn (string)" +msgstr "ldap_default_bind_dn (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:212 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" +"Le DN de connexion par défaut à utiliser pour effectuer les opérations LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:219 +msgid "ldap_default_authtok_type (string)" +msgstr "ldap_default_authtok_type (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:222 +msgid "The type of the authentication token of the default bind DN." +msgstr "" +"Le type de jeton d'authentification pour le DN de connexion par défaut." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:226 +msgid "The two mechanisms currently supported are:" +msgstr "Les deux mécanismes actuellement pris en charge sont :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:229 +msgid "password" +msgstr "password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:232 +msgid "obfuscated_password" +msgstr "obfuscated_password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:235 +msgid "Default: password" +msgstr "Par défaut : password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:241 +msgid "ldap_default_authtok (string)" +msgstr "ldap_default_authtok (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:244 +msgid "" +"The authentication token of the default bind DN. Only clear text passwords " +"are currently supported." +msgstr "" +"Le jeton d'authentification pour le DN de connexion par défaut. Seuls les " +"mots de passe en clair sont actuellement pris en charge." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:251 +msgid "ldap_user_object_class (string)" +msgstr "ldap_user_object_class (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:254 +msgid "The object class of a user entry in LDAP." +msgstr "La classe d'objet d'une entrée utilisateur dans LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "Default: posixAccount" +msgstr "Par défaut : posixAccount" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:263 +msgid "ldap_user_name (string)" +msgstr "ldap_user_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:266 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "" +"L'attribut LDAP correspondant à l'identifiant de connexion de l'utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:270 +msgid "Default: uid" +msgstr "Par défaut : uid" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:276 +msgid "ldap_user_uid_number (string)" +msgstr "ldap_user_uid_number (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:279 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "L'attribut LDAP correspondant à l'id de l'utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "Default: uidNumber" +msgstr "par défaut : uidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:289 +msgid "ldap_user_gid_number (string)" +msgstr "ldap_user_gid_number (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:292 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" +"L'attribut LDAP correspondant à l'id du groupe primaire de l'utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:863 +msgid "Default: gidNumber" +msgstr "Par défaut : gidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:302 +msgid "ldap_user_gecos (string)" +msgstr "ldap_user_gecos (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:305 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "L'attribut LDAP correspondant au champ gecos de l'utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:309 +msgid "Default: gecos" +msgstr "Par défaut : gecos" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:315 +msgid "ldap_user_home_directory (string)" +msgstr "ldap_user_home_directory (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:318 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" +"L'attribut LDAP qui contient le nom du répertoire personnel de l'utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "Default: homeDirectory" +msgstr "Par défaut : homeDirectory" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:328 +msgid "ldap_user_shell (string)" +msgstr "ldap_user_shell (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:331 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" +"L'attribut LDAP qui contient le chemin vers l'interpréteur de commandes de " +"l'utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:335 +msgid "Default: loginShell" +msgstr "Par défaut : loginShell" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:341 +msgid "ldap_user_uuid (string)" +msgstr "ldap_user_uuid (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:344 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:889 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" +"Par défaut : non défini dans le cas général, objectGUID pour AD et " +"ipaUniqueID pour IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:355 +msgid "ldap_user_objectsid (string)" +msgstr "ldap_user_objectsid (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:358 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" +"L'attribut LDAP qui contient l'objectSID d'un objet d'utilisateur LDAP. Ceci " +"n'est habituellement nécessaire que pour les serveurs Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:363 sssd-ldap.5.xml:904 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:370 +msgid "ldap_user_modify_timestamp (string)" +msgstr "ldap_user_modify_timestamp (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" +"L'attribut LDAP qui contient l'horodatage de la dernière modification de " +"l'objet parent." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144 +msgid "Default: modifyTimestamp" +msgstr "Par défaut : modifyTimestamp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:383 +msgid "ldap_user_shadow_last_change (string)" +msgstr "ldap_user_shadow_last_change (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" +"Lors de l'utilisation de ldap_pwd_policy=shadow, ce paramètre contient le " +"nom de l'attribut LDAP correspondant à sa contrepartie <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (date de changement du dernier mot de passe)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:396 +msgid "Default: shadowLastChange" +msgstr "Par défaut : shadowLastChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:402 +msgid "ldap_user_shadow_min (string)" +msgstr "ldap_user_shadow_min (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:405 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" +"Lors de l'utilisation de ldap_pwd_policy=shadow, ce paramètre contient le " +"nom de l'attribut LDAP correspondant à sa contrepartie<citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (durée de validité minimum du mot de passe)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: shadowMin" +msgstr "Par défaut : shadowMin" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_user_shadow_max (string)" +msgstr "ldap_user_shadow_max (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" +"Lors de l'utilisation de ldap_pwd_policy=shadow, ce paramètre contient le " +"nom de l'attribut LDAP correspondant à sa contrepartie <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (âge maximum du mot de passe)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:432 +msgid "Default: shadowMax" +msgstr "Par défaut : shadowMax" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:438 +msgid "ldap_user_shadow_warning (string)" +msgstr "ldap_user_shadow_warning (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:441 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" +"Lors de l'utilisation de ldap_pwd_policy=shadow, ce paramètre contient le " +"nom de l'attribut LDAP correspondant à sa contrepartie <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (période d'avertissement du mot de passe)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:451 +msgid "Default: shadowWarning" +msgstr "Par défaut : shadowWarning" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:457 +msgid "ldap_user_shadow_inactive (string)" +msgstr "ldap_user_shadow_inactive (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:460 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" +"Lors de l'utilisation de ldap_pwd_policy=shadow, ce paramètre contient le " +"nom de l'attribut LDAP correspondant à sa contrepartie <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (période d'inactivité du mot de passe)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:470 +msgid "Default: shadowInactive" +msgstr "Par défaut : shadowInactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:476 +msgid "ldap_user_shadow_expire (string)" +msgstr "ldap_user_shadow_expire (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:479 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" +"Lors de l'utilisation de ldap_pwd_policy=shadow ou " +"ldap_account_expire_policy=shadow, ce paramètre contient le nom de " +"l'attribut LDAP correspondant à sa contrepartie <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (date d'expiration du compte)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:489 +msgid "Default: shadowExpire" +msgstr "Par défaut : shadowExpire" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:495 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "ldap_user_krb_last_pwd_change (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:498 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" +"Lors de l'utilisation de ldap_pwd_policy=mit_kerberos, ce paramètre contient " +"le nom de l'attribut LDAP stockant la date et l'heure du dernier changement " +"de mot de passe dans kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "Default: krbLastPwdChange" +msgstr "Par défaut : krbLastPwdChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:510 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "ldap_user_krb_password_expiration (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:513 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" +"Lors de l'utilisation de ldap_pwd_policy=mit_kerberos, ce paramètre contient " +"le nom de l'attribut LDAP stockant la date et l'heure d'expiration du mot de " +"passe actuel." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:519 +msgid "Default: krbPasswordExpiration" +msgstr "Par défaut : krbPasswordExpiration" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:525 +msgid "ldap_user_ad_account_expires (string)" +msgstr "ldap_user_ad_account_expires (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:528 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" +"Lors de l'utilisation de ldap_account_expire_policy=ad, ce paramètre " +"contient le nom d'un attribut LDAP stockant la date d'expiration du compte." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:533 +msgid "Default: accountExpires" +msgstr "Par défaut : accountExpires" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:539 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "ldap_user_ad_user_account_control (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:542 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" +"Lors de l'utilisation de ldap_account_expire_policy=ad, ce paramètre " +"contient le nom d'un attribut LDAP stockant le champ de bits de contrôle du " +"compte utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:547 +msgid "Default: userAccountControl" +msgstr "Par défaut : userAccountControl" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:553 +msgid "ldap_ns_account_lock (string)" +msgstr "ldap_ns_account_lock (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:556 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" +"Lors de l'utilisation de ldap_account_expire_policy=rhds ou équivalent, ce " +"paramètre détermine si l'accès est autorisé ou non." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:561 +msgid "Default: nsAccountLock" +msgstr "Par défaut : nsAccountLock" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:567 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "ldap_user_nds_login_disabled (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:570 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" +"Lors de l'utilisation de ldap_account_expire_policy=nds, cet attribut " +"détermine si l'accès est autorisé ou non." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:574 sssd-ldap.5.xml:588 +msgid "Default: loginDisabled" +msgstr "Par défaut : loginDisabled" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:580 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "ldap_user_nds_login_expiration_time (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:583 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" +"Lors de l'utilisation de ldap_account_expire_policy=nds, cet attribut " +"détermine jusqu'à quand l'accès est autorisé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "ldap_user_nds_login_allowed_time_map (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" +"Lors de l'utilisation de ldap_account_expire_policy=nds, cet attribut " +"détermine les heures des jours dans la semaine pendant lesquelles l'accès " +"est autorisé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:602 +msgid "Default: loginAllowedTimeMap" +msgstr "Par défaut : loginAllowedTimeMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:608 +msgid "ldap_user_principal (string)" +msgstr "ldap_user_principal (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:611 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" +"L'attribut LDAP contenant le nom du principal d'utilisateur (UPN) Kerberos " +"de l'utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:615 +msgid "Default: krbPrincipalName" +msgstr "Par défaut : krbPrincipalName" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:621 +msgid "ldap_user_extra_attrs (string)" +msgstr "ldap_user_extra_attrs (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:624 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" +"Liste séparée par des virgules des attributs LDAP que SSSD va demander en " +"plus des attributs utilisateur habituels." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:629 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" +"La liste ne peut contenir que des noms d'attributs LDAP, ou des tuples " +"séparés par des virgules de nom d'attribut de cache et nom d'attribut LDAP. " +"Dans le cas où seul le nom d'un attribut LDAP est indiqué, l'attribut est " +"enregistré tel quel dans le cache. L'utilisation d'un nom d'attribut SSSD " +"peut être nécessaire pour les environnements configurant plusieurs domaines " +"SSSD utilisant des schémas LDAP différents." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:639 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" +"Veuillez noter que plusieurs noms d'attributs sont réservés par SSSD, dont " +"l'attribut <quote>name</quote>. SSSD émettrait une erreur si l'un des noms " +"d'attributs réservés est utilisé par un nom d'attribut supplémentaire." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:649 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "ldap_user_extra_attrs = telephoneNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:652 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" +"Enregistrer l'attribut LDAP <quote>telephoneNumber</quote> en tant que " +"<quote>telephoneNumber</quote> dans le cache." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:656 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "ldap_user_extra_attrs = phone:telephoneNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:659 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" +"Enregistrer l'attribut LDAP <quote>telephoneNumber</quote> en tant que " +"<quote>phone</quote> dans le cache." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:669 +msgid "ldap_user_ssh_public_key (string)" +msgstr "ldap_user_ssh_public_key (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:672 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "L'attribut LDAP qui contient les clés publiques SSH de l'utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:676 +msgid "Default: sshPublicKey" +msgstr "Par défaut : sshPublicKey" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:682 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "ldap_force_upper_case_realm (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:685 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" +"Certains serveurs d'annuaire, comme par exemple Active Directory, peuvent " +"délivrer la partie domaine de l'UPN en minuscules, ce qui peut faire échouer " +"l'authentification. Définir cette option à une valeur non nulle pour " +"utiliser un nom de domaine en majuscules." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:698 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "ldap_enumeration_refresh_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:701 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" +"Spécifie la durée en secondes pendant laquelle SSSD doit attendre avant " +"d'actualiser son cache d\"énumération d'enregistrements." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:712 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "ldap_purge_cache_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:715 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" +"Détermine la fréquence de vérification de la présence d'entrées inactives " +"dans le cache (telles que groupes sans membres et utilisateurs ne s'étant " +"jamais connectés) et de suppression pour économiser de l'espace." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:721 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:736 +msgid "ldap_user_fullname (string)" +msgstr "ldap_user_fullname (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:739 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "L'attribut LDAP correspondant au nom complet de l'utilisateur." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590 +msgid "Default: cn" +msgstr "Par défaut : cn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:749 +msgid "ldap_user_member_of (string)" +msgstr "ldap_user_member_of (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:752 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" +"L'attribut LDAP énumérant les groupes auquel appartient un utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:756 +msgid "Default: memberOf" +msgstr "Par défaut : memberOf" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:762 +msgid "ldap_user_authorized_service (string)" +msgstr "ldap_user_authorized_service (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:765 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" +"Lorsque access_provider=ldap et ldap_access_order=authorized_service, SSSD " +"utilise la présence de l'attribut authorizedService dans l'entrée LDAP de " +"l'utilisateur pour déterminer les autorisations d'accès." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:772 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" +"Le refus explicite (!svc) est résolu en premier. Ensuite, SSSD cherche une " +"autorisation explicite (svc) et enfin allow_all (*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:777 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" +"Noter que l'option de configuration ldap_access_order <emphasis>doit</" +"emphasis> inclure <quote>authorized_service</quote> de façon à permettre à " +"l'option ldap_user_authorized_service de fonctionner." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:784 +msgid "Default: authorizedService" +msgstr "Par défaut : authorizedService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:790 +msgid "ldap_user_authorized_host (string)" +msgstr "ldap_user_authorized_host (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:793 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" +"Si access_provider=ldap et ldap_access_order=host, SSSD va utiliser la " +"présence de l'attribut host dans l'entrée LDAP de l'utilisateur pour " +"déterminer les autorisations d'accès." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:799 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" +"Le refus explicite (!host) est résolu en premier. SSSD recherche ensuite les " +"autorisations explicites (host) et enfin toutes les autorisations (*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" +"Noter que l'option de configuration ldap_access_order <emphasis>doit</" +"emphasis> inclure <quote>host</quote> de façon à permettre à l'option " +"ldap_user_authorized_host de fonctionner." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:811 +msgid "Default: host" +msgstr "Par défaut : host" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:817 +msgid "ldap_user_certificate (string)" +msgstr "ldap_user_certificate (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:820 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:824 +#, fuzzy +#| msgid "" +#| "Default: not set in the general case, objectGUID for AD and ipaUniqueID " +#| "for IPA" +msgid "Default: no set in the general case, userCertificate;binary for IPA" +msgstr "" +"Par défaut : non défini dans le cas général, objectGUID pour AD et " +"ipaUniqueID pour IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:831 +msgid "ldap_group_object_class (string)" +msgstr "ldap_group_object_class (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:834 +msgid "The object class of a group entry in LDAP." +msgstr "La classe d'objet d'une entrée de groupe dans LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:837 +msgid "Default: posixGroup" +msgstr "Par défaut : posixGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:843 +msgid "ldap_group_name (string)" +msgstr "ldap_group_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:846 +msgid "The LDAP attribute that corresponds to the group name." +msgstr "L'attribut LDAP correspondant au nom du groupe." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:856 +msgid "ldap_group_gid_number (string)" +msgstr "ldap_group_gid_number (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:859 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "L'attribut LDAP correspondant à l'identifiant de groupe." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:869 +msgid "ldap_group_member (string)" +msgstr "ldap_group_member (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:872 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "L'attribut LDAP contenant les noms des membres du groupe." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:876 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "Par défaut : memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:882 +msgid "ldap_group_uuid (string)" +msgstr "ldap_group_uuid (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:885 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:896 +msgid "ldap_group_objectsid (string)" +msgstr "ldap_group_objectsid (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:899 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" +"L'attribut LDAP qui contient l'objectSID d'un objet de groupe LDAP. Ceci " +"n'est habituellement nécessaire que pour les serveurs Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_group_modify_timestamp (string)" +msgstr "ldap_group_modify_timestamp (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:924 +msgid "ldap_group_type (integer)" +msgstr "ldap_group_type (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:927 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" +"L'attribut LDAP qui contient une valeur entière indiquant le type de groupe " +"voire d'autres indicateurs." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" +"Cet attribut est actuellement utilisé uniquement par le fournisseur AD pour " +"déterminer si un groupe est un groupe de domaine local et doit être filtré " +"hors des domaines approuvés." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:938 +msgid "Default: groupType in the AD provider, othewise not set" +msgstr "" +"Par défaut : groupType dans le fournisseur AD, non configuré pour les autres" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:945 +#, fuzzy +#| msgid "ldap_group_member (string)" +msgid "ldap_group_external_member (string)" +msgstr "ldap_group_member (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:948 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +#, fuzzy +#| msgid "Default: groupType in the AD provider, othewise not set" +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" +"Par défaut : groupType dans le fournisseur AD, non configuré pour les autres" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:961 +msgid "ldap_group_nesting_level (integer)" +msgstr "ldap_group_nesting_level (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:964 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" +"Si ldap_schema est défini comme un format prenant en charge les groupes " +"imbriqués (par exemple RFC2307bis), alors cette option contrôle le nombre de " +"niveaux d'imbrication que SSSD suivra. Cette option n'a pas d'effet sur le " +"schéma RFC2307." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:980 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:989 +msgid "Default: 2" +msgstr "Par défaut : 2" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:995 +msgid "ldap_groups_use_matching_rule_in_chain" +msgstr "ldap_groups_use_matching_rule_in_chain" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:998 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which may speed up group lookup operations on deployments with " +"complex or deep nested groups." +msgstr "" +"Cette option indique à SSSD de tirer parti d'une fonctionnalité Active " +"Directory spécifique qui peut accélérer les opérations de recherche de " +"groupe sur les déploiements utilisant des groupes profondément imbriqués et " +"complexes." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1004 +msgid "" +"In most common cases, it is best to leave this option disabled. It generally " +"only provides a performance increase on very complex nestings." +msgstr "" +"Dans la plupart des cas, il est préférable de laisser cette option " +"désactivée. Elle ne fournit une augmentation des performances que sur les " +"imbrications très complexes." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036 +msgid "" +"If this option is enabled, SSSD will use it if it detects that the server " +"supports it during initial connection. So \"True\" here essentially means " +"\"auto-detect\"." +msgstr "" +"Si cette option est activée, SSSD l'utilisera s'il détecte que le serveur la " +"prend en charge au cours de la connexion initiale. Ainsi, « true » signifie " +"essentiellement « auto-detect »." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042 +msgid "" +"Note: This feature is currently known to work only with Active Directory " +"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" +"windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " +"for more details." +msgstr "" +"Remarque : Cette fonctionnalité fonctionne uniquement avec Active Directory " +"2008 R1 et versions suivantes. Consulter <ulink url=\"http://msdn.microsoft." +"com/en-us/library/windows/desktop/aa746475%28v=vs.85%29.aspx\">la " +"documentation de MSDN(TM)</ulink> pour plus de détails." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048 sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866 include/ldap_id_mapping.xml:244 +msgid "Default: False" +msgstr "Par défaut : False" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1027 +msgid "ldap_initgroups_use_matching_rule_in_chain" +msgstr "ldap_initgroups_use_matching_rule_in_chain" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1030 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which might speed up initgroups operations (most notably when " +"dealing with complex or deep nested groups)." +msgstr "" +"Cette option indique à SSSD de tirer parti d'une fonctionnalité Active " +"Directory spécifique qui peut accélérer les opérations initgroups (le plus " +"souvent lors de l'utilisation de groupes profondément imbriqués ou " +"complexes)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1057 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" +"Cette option active ou désactive l'utilisation de l'attribut Token-Groups " +"lors de l'initialisation des groupes pour les utilisateurs Active Directory " +"2008 et versions ultérieures." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1062 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1068 +msgid "ldap_netgroup_object_class (string)" +msgstr "ldap_netgroup_object_class (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1071 +msgid "The object class of a netgroup entry in LDAP." +msgstr "La classe d'objet d'une entrée de netgroup dans LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1074 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" +"Pour un fournisseur IPA, ipa_netgroup_object_class doit être utilisé à la " +"place." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1078 +msgid "Default: nisNetgroup" +msgstr "Par défaut : nisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1084 +msgid "ldap_netgroup_name (string)" +msgstr "ldap_netgroup_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1087 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "L'attribut LDAP correspondant au nom du netgroup." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" +"Dans le fournisseur IPA, ipa_netgroup_name doit être utilisé à la place." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1101 +msgid "ldap_netgroup_member (string)" +msgstr "ldap_netgroup_member (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1104 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "L'attribut LDAP contenant les noms des membres du netgroup." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1108 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" +"Dans le fournisseur IPA, ipa_netgroup_member doit être utilisé à la place." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "Default: memberNisNetgroup" +msgstr "Par défaut : memberNisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1118 +msgid "ldap_netgroup_triple (string)" +msgstr "ldap_netgroup_triple (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1121 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" +"L'attribut LDAP contenant les triplets (hôte, utilisateur, domaine) d'un " +"netgroup." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141 +msgid "This option is not available in IPA provider." +msgstr "Cette option n'est pas disponible dans le fournisseur IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1128 +msgid "Default: nisNetgroupTriple" +msgstr "Par défaut : nisNetgroupTriple" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1134 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "ldap_netgroup_modify_timestamp (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1150 +msgid "ldap_service_object_class (string)" +msgstr "ldap_service_object_class (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1153 +msgid "The object class of a service entry in LDAP." +msgstr "La classe d'objet d'une entrée de service LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1156 +msgid "Default: ipService" +msgstr "Par défaut : ipService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1162 +msgid "ldap_service_name (string)" +msgstr "ldap_service_name (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1165 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" +"L'attribut LDAP qui contient le nom des attributs de service et de leurs " +"alias." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1175 +msgid "ldap_service_port (string)" +msgstr "ldap_service_port (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1178 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "L'attribut LDAP qui contient le port géré par ce service." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1182 +msgid "Default: ipServicePort" +msgstr "Par défaut : ipServicePort" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1188 +msgid "ldap_service_proto (string)" +msgstr "ldap_service_proto (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1191 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "L'attribut LDAP qui contient les protocoles compris par ce service." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "Default: ipServiceProtocol" +msgstr "Par défaut : ipServiceProtocol" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1201 +msgid "ldap_service_search_base (string)" +msgstr "ldap_service_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1206 +msgid "ldap_search_timeout (integer)" +msgstr "ldap_search_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1209 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" +"Définit le délai d'attente (en secondes) autorisé pour les recherches LDAP " +"avant annulation et utilisation des résultats contenus dans le cache (et " +"activation du mode hors ligne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1215 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" +"Note : cette option est susceptible de changer dans les prochaines version " +"de SSSD. Elle sera sûrement remplacée par une série de délais d'attente pour " +"différents types de recherches." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1227 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "ldap_enumeration_search_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1230 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" +"Définit le délai d'attente (en secondes) autorisé pour les recherches LDAP " +"sur les utilisateurs et groupes avant annulation et utilisation des " +"résultats mis en cache (et activation du mode hors ligne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1243 +msgid "ldap_network_timeout (integer)" +msgstr "ldap_network_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1246 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" +"Définit le délai d'attente (en secondes) après lequel les fonctions " +"<citerefentry> <refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> " +"</citerefentry>/<citerefentry> <refentrytitle>select</refentrytitle> " +"<manvolnum>2</manvolnum> </citerefentry> suivant un <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> rendent la main en cas d'inactivité." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1269 +msgid "ldap_opt_timeout (integer)" +msgstr "ldap_opt_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1287 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "ldap_connection_expire_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1290 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" +"Spécifie un délai d'attente (en secondes) pendant laquelle une connexion à " +"un serveur LDAP est maintenue. Passé ce délai, la connexion devra être " +"rétablie. Si ce paramètre est utilisé en parallèle avec SASL/GSSAPI, la plus " +"courte des deux valeurs entre celle-ci et la durée de vie TGT sera utilisée." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367 +msgid "Default: 900 (15 minutes)" +msgstr "Par défaut : 900 (15 minutes)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1304 +msgid "ldap_page_size (integer)" +msgstr "ldap_page_size (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1307 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" +"Définit le nombre d'enregistrements à récupérer lors d'une requête LDAP. " +"Certains serveurs LDAP imposent une limite maximale par requête." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1312 +msgid "Default: 1000" +msgstr "Par défaut : 1000" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1318 +msgid "ldap_disable_paging (boolean)" +msgstr "ldap_disable_paging (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1321 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" +"Désactiver le contrôle de pagination LDAP. Cette option doit être utilisée " +"si le serveur LDAP signale qu'il prend en charge le contrôle de pagination " +"LDAP de l'objet RootDSE, mais qu'il n'est pas activé ou ne se comporte pas " +"correctement." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1327 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" +"Exemple : le serveurs OpenLDAP avec le module de contrôle de pagination " +"installé sur le serveur mais non activé le signaleront dans RootDSE mais il " +"sera impossible de l'utiliser." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1333 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" +"Exemple : 389 DS a un bogue où il ne peut que soutenir qu'un seul contrôle " +"de pagination à la fois sur une connexion donnée. Sur les clients chargés, " +"cela peut entraîner l'échec de certaines demandes." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1345 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "ldap_disable_range_retrieval (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1348 +msgid "Disable Active Directory range retrieval." +msgstr "Désactiver la récupération de plage Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1351 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" +"Active Directory limite le nombre de membres à récupérer par recherche à " +"l'aide de la stratégie MaxValRange (qui prend la valeur par défaut de 1500 " +"membres). Si un groupe contient plus de membres, la réponse inclura une " +"extension de plage spécifique à Active Directory. Cette option désactive " +"l'analyse de cette extension de plage, les groupes de grande taille " +"apparaissant ainsi sans aucun membre." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1366 +msgid "ldap_sasl_minssf (integer)" +msgstr "ldap_sasl_minssf (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1369 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" +"Lors de la communication avec un serveur LDAP en utilisant SASL, spécifie le " +"niveau de sécurité minimal nécessaire pour établir la connexion. Les valeurs " +"de cette option sont définies par OpenLDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1375 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" +"Par défaut : Utiliser la valeur par défaut du système (généralement spécifié " +"par ldap.conf)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1382 +msgid "ldap_deref_threshold (integer)" +msgstr "ldap_deref_threshold (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" +"Définit le nombre de membres du groupe qui doivent manquer au sein du cache " +"interne afin de déclencher une recherche de déréférencement. Si le nombre de " +"membres manquants est inférieur, ils sont recherchés individuellement." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1391 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" +"Vous pouvez désactiver complètement les recherches de déréférencement en " +"affectant la valeur 0." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1395 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" +"Une recherche de déréférencement est un moyen pour récupérer tous les " +"membres d'un groupe avec un seul appel LDAP. Plusieurs serveurs LDAP peuvent " +"avoir différentes méthodes de déréférencement. Les serveurs actuellement " +"acceptés sont 389/RHDS, OpenLDAP et Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1403 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" +"<emphasis>Remarque :</emphasis> Si l'une des bases de recherche spécifie un " +"filtre de recherche, alors l'amélioration de la performance de recherche de " +"déréférencement est désactivée indépendamment de ce paramètre." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1416 +msgid "ldap_tls_reqcert (string)" +msgstr "ldap_tls_reqcert (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1419 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" +"Définit les vérifications à effectuer sur les certificats serveur sur une " +"session TLS, si elle existe. Une des valeurs suivantes est utilisable :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1425 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" +"<emphasis>never</emphasis> : le client ne demandera ni ne vérifiera un " +"quelconque certificat du serveur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1429 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" +"<emphasis>allow</emphasis> : le certificat serveur est demandé. Si aucun " +"certificat n'est fournit, la session continue normalement. Si un mauvais " +"certificat est fourni, il est ignoré et la session continue normalement." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1436 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" +"<emphasis>try</emphasis> : le certificat serveur est demandé. Si aucun " +"certificat n'est fourni, la session continue normalement. Si un mauvais " +"certificat est fourni, la session se termine immédiatement." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1442 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" +"<emphasis>demand</emphasis> : le certificat serveur est demandé. Si aucun " +"certificat ou un mauvais certificat est fourni, la session se termine " +"immédiatement." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1448 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "<emphasis>hard</emphasis> : identique à <quote>demand</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1452 +msgid "Default: hard" +msgstr "Par défaut : hard" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1458 +msgid "ldap_tls_cacert (string)" +msgstr "ldap_tls_cacert (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1461 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" +"Définit le fichier qui contient les certificats pour toutes les autorités de " +"certification que <command>sssd</command> reconnaîtra." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" +"Par défaut : utilise les paramètres par défaut de OpenLDAP, en général dans " +"<filename>/etc/openldap/ldap.conf</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1473 +msgid "ldap_tls_cacertdir (string)" +msgstr "ldap_tls_cacertdir (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1476 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" +"Spécifie le chemin d'un dossier qui contient les certificats de l'autorité " +"de certificats dans des fichiers séparés. Usuellement, les noms de fichiers " +"sont la somme de contrôle du certificat suivi de « .0 ». Si disponible, " +"<command>cacertdir_rehash</command> peut être utilisé pour créer les noms " +"corrects." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1491 +msgid "ldap_tls_cert (string)" +msgstr "ldap_tls_cert (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "Définit le fichier qui contient le certificat pour la clef du client." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1504 +msgid "ldap_tls_key (string)" +msgstr "ldap_tls_key (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "Specifies the file that contains the client's key." +msgstr "Définit le fichier qui contient la clef du client." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1516 +msgid "ldap_tls_cipher_suite (string)" +msgstr "ldap_tls_cipher_suite (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1519 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1532 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "ldap_id_use_start_tls (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1535 +msgid "" +"Specifies that the id_provider connection must also use <systemitem class=" +"\"protocol\">tls</systemitem> to protect the channel." +msgstr "" +"Définit le fait que le fournisseur d'identité de connexion doit aussi " +"utiliser <systemitem class=\"protocol\">tls</systemitem> pour protéger le " +"canal." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1545 +msgid "ldap_id_mapping (boolean)" +msgstr "ldap_id_mapping (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1548 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" +"Indique que SSSD doit tenter de trouver les correspondances des ID " +"d'utilisateur et de groupe dans les attributs ldap_user_objectsid et " +"ldap_group_objectsid au lieu d'utiliser ldap_user_uid_number et " +"ldap_group_gid_number." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" +"Cette fonctionnalité ne prend actuellement en charge que la correspondance " +"par objectSID avec Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1564 +msgid "ldap_min_id, ldap_max_id (interger)" +msgstr "ldap_min_id, ldap_max_id (entiers)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1567 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" +"Au contraire de la mise en correspondance d'identifiants s'appuyant sur les " +"SID utilisée si ldap_id_mapping est positionné à true, les plages " +"d'identifiants autorisés pour ldap_user_uid_number et ldap_group_gid_number " +"n'ont pas de limite. Dans une configuration avec des sous-domaines ou des " +"domaines approuvés, cela peut engendrer des collisions. Pour les éviter, " +"ldap_min_id et ldap_max_id peuvent être configurés afin de restreindre les " +"plages d'identifiants autorisées lues directement depuis le serveur. Les " +"sous-domaines peuvent ensuite choisir d'autres plages pour leurs propres " +"identifiants." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1579 +msgid "Default: not set (both options are set to 0)" +msgstr "Par défaut : non indiqué (les deux options sont à 0)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1585 +msgid "ldap_sasl_mech (string)" +msgstr "ldap_sasl_mech (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1588 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI is tested and " +"supported." +msgstr "" +"Définit le mécanisme SASL à utiliser. Actuellement, seul GSSAPI est testé et " +"pris en charge." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1598 +msgid "ldap_sasl_authid (string)" +msgstr "ldap_sasl_authid (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1601 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI is used, this " +"represents the Kerberos principal used for authentication to the directory. " +"This option can either contain the full principal (for example host/" +"myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." +msgstr "" +"Définit l'identité à utiliser pour l'autorisation SASL. Lorsque GSSAPI est " +"utilisé, c'est l'identifiant Kerberos principal utilisé pour s'authentifier " +"à l'annuaire. Cette option peut soit contenir le principal complet (par " +"exemple host/myhost@EXAMPLE.COM), soit juste le nom du principal (par " +"exemple host/myhost)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1609 +msgid "Default: host/hostname@REALM" +msgstr "Par défaut : host/hostname@REALM" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1615 +msgid "ldap_sasl_realm (string)" +msgstr "ldap_sasl_realm (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" +"Spécifie le domaine SASL à utiliser. Si non spécifié, cette option prend par " +"défaut la valeur de krb5_realm. Si le ldap_sasl_authid contient aussi le " +"domaine, cette option est ignorée." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1624 +msgid "Default: the value of krb5_realm." +msgstr "Par défaut : la valeur de krb5_realm." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1630 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "ldap_sasl_canonicalize (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1633 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" +"Si true, la bibliothèque LDAP effectue une recherche inversée pour canoniser " +"le nom de l'hôte au cours d'une liaison SASL." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1638 +msgid "Default: false;" +msgstr "Défaut : false;" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1644 +msgid "ldap_krb5_keytab (string)" +msgstr "ldap_krb5_keytab (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "Specify the keytab to use when using SASL/GSSAPI." +msgstr "Définit le fichier keytab à utiliser pour utiliser SASL/GSSAPI." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" +"Par défaut : le fichier keytab du système, normalement <filename>/etc/krb5." +"keytab</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "ldap_krb5_init_creds (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI." +msgstr "" +"Définit le fait que le fournisseur d'identité doit initialiser les données " +"d'identification Kerberos (TGT). Cette action est effectuée seulement si " +"SASL est utilisé et que le mécanisme choisi est GSSAPI." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1671 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "ldap_krb5_ticket_lifetime (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1674 +msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." +msgstr "Définit la durée de vie, en secondes, des TGT si GSSAPI est utilisé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:849 +msgid "Default: 86400 (24 hours)" +msgstr "Par défaut : 86400 (24 heures)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "krb5_server, krb5_backup_server (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" +"Spécifie par ordre de préférence la liste séparée par des virgules des " +"adresses IP ou des noms de systèmes des serveurs Kerberos auquel SSSD doit " +"se connecter. Pour plus d'informations sur la redondance de bascule et la " +"redondance de serveur, consulter la section <quote>BASCULE</quote>. Un " +"numéro de port facultatif (précédé de deux-points) peut être ajouté aux " +"adresses ou aux noms de systèmes. Si vide, la découverte de services est " +"activée - pour plus d'informations, se reporter à la section de " +"<quote>DÉCOUVERTE DE SERVICES</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" +"Lors de l'utilisation de découverte de services pour le KDC ou les serveurs " +"kpasswd, SSSD recherche en premier les entrées DNS qui définissent _udp " +"comme protocole, et passe sur _tcp si aucune entrée n'est trouvée." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" +"Cette option s'appelait <quote>krb5_kdcip</quote> dans les versions " +"précédentes de SSSD. Bien que ce nom soit toujours reconnu à l'heure " +"actuelle, il est conseillé de migrer les fichiers de configuration vers " +"l'utilisation de <quote>krb5_server</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "krb5_realm (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." +msgstr "Définit le DOMAINE de Kerberos (pour l'authentification SASL/GSSAPI)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1719 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" +"Par défaut : valeur par défaut du système, voir <filename>/etc/krb5.conf</" +"filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462 +msgid "krb5_canonicalize (boolean)" +msgstr "krb5_canonicalize (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" +"Spécifie si le principal de l'hôte doit être rendu canonique lors de la " +"connexion au serveur LDAP. Cette fonctionnalité est disponible avec MIT " +"Kerberos > = 1.7" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "krb5_use_kdcinfo (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" +"Indique si SSSD doit préciser aux bibliothèques Kerberos quels domaine et " +"KDC utiliser. Cette option est activée par défaut, si elle est désactivée, " +"la bibliothèque Kerberos doit être configurée à l'aide du fichier de " +"configuration <citerefentry> <refentrytitle>krb5.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" +"Consulter la page de manuel de <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> pour plus d'informations sur le greffon de " +"localisation." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1768 +msgid "ldap_pwd_policy (string)" +msgstr "ldap_pwd_policy (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" +"Détermine la politique d'expiration des mots de passe côté client. Les " +"valeurs suivantes sont acceptées :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" +"<emphasis>none</emphasis> : aucun évaluation du côté client. Cette option ne " +"peut pas désactiver la politique sur les mots de passe du côté serveur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1781 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired." +msgstr "" +"<emphasis>shadow</emphasis> - Utiliser les attributs de style " +"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> pour évaluer si le mot de passe a expiré." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1787 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" +"<emphasis>mit_kerberos</emphasis> : utilise les attributs utilisés par MIT " +"Kerberos pour déterminer si le mot de passe a expiré. Utiliser " +"chpass_provider=krb5 afin de modifier ces attributs lorsque le mot de passe " +"est changé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1796 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" +"<emphasis>Note</emphasis> : si une politique de mots de passe est configurée " +"côté serveur, elle prend le pas sur la politique indiquée avec cette option." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1804 +msgid "ldap_referrals (boolean)" +msgstr "ldap_referrals (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1807 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "Définit si le déréférencement automatique doit être activé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1811 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" +"Veuillez noter que sssd ne supporte que le déréférencement que lorsqu'il est " +"compilé avec OpenLDAP version 2.4.13 ou supérieur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1816 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement." +msgstr "" +"La déréférenciation de références peut subir une altération notable des " +"performances dans les environnements qui les utilisent fortement, un exemple " +"notable étant Microsoft Active Directory. Si votre installation ne nécessite " +"pas l'utilisation des références, affecter false à cette option devrait " +"permettre d'améliorer de façon notable les performances." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1830 +msgid "ldap_dns_service_name (string)" +msgstr "ldap_dns_service_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1833 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" +"Définit le nom de service à utiliser quand la découverte de services est " +"activée." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 +msgid "Default: ldap" +msgstr "Par défaut : ldap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1843 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "ldap_chpass_dns_service_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1846 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" +"Définit le nom de service à utiliser pour trouver un serveur LDAP autorisant " +"un changement de mot de passe quand la découverte de services est activée." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1851 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "" +"Par défaut : non défini, c'est-à-dire que le service de découverte est " +"désactivé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1857 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "ldap_chpass_update_last_change (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" +"Spécifie s'il faut mettre à jour l'attribut ldap_user_shadow_last_change " +"avec le nombre de jours depuis Epoch après l'opération de changement de mot " +"de passe." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1872 +msgid "ldap_access_filter (string)" +msgstr "ldap_access_filter (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1875 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Example:" +msgstr "Exemple :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1898 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1902 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" +"Cet exemple signifie que l'accès à cet hôte est restreint aux utilisateurs " +"dont l'attribut employeeType est « admin »." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice-versa." +msgstr "" +"Le cache hors-ligne pour cette fonctionnalité est limité à la détermination " +"du fait que la dernière connexion en ligne de l'utilisateur a été autorisée. " +"Si tel était le cas, l'accès sera conservé en mode hors-ligne et vice-versa." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972 +msgid "Default: Empty" +msgstr "Par défaut : vide" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_account_expire_policy (string)" +msgstr "ldap_account_expire_policy (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1924 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" +"Avec cette option une évaluation du côté client des contrôles d'accès peut " +"être activée." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1928 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" +"Veuillez noter qu'il est toujours recommandé d'utiliser un contrôle d'accès " +"du côté serveur, c'est-à-dire que le serveur LDAP doit refuser une requête " +"de connexion avec un code erreur approprié même si le mot de passe est " +"correct." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1935 +msgid "The following values are allowed:" +msgstr "Les valeurs suivantes sont autorisées :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" +"<emphasis>shadow</emphasis> : utiliser la valeur de ldap_user_shadow_expire " +"pour déterminer si le compte a expiré." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1943 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" +"<emphasis>ad</emphasis> : utilise la valeur du champ 32 bits " +"ldap_user_ad_user_account_control et autorise l'accès si le deuxième bit " +"n'est pas défini. Si l'attribut est manquant, l'accès est autorisé. La date " +"d'expiration du compte est aussi vérifiée." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1950 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis> : utilise la valeur de ldap_ns_account_lock afin de vérifier si " +"l'accès est autorisé ou non." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1956 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" +"<emphasis>nds</emphasis> : les valeurs de " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled et " +"ldap_user_nds_login_expiration_time sont utilisées pour vérifier si l'accès " +"est autorisé. Si les deux attributs sont manquants, l'accès est autorisé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1965 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" +"Noter que l'option de configuration ldap_access_order <emphasis>doit</" +"emphasis> inclure <quote>expire</quote> de façon à permettre à l'option " +"ldap_account_expire_policy de fonctionner." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1978 +msgid "ldap_access_order (string)" +msgstr "ldap_access_order (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1981 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" +"Liste séparées par des virgules des options de contrôles d'accès. Les " +"valeurs autorisées sont :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1985 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "<emphasis>filter</emphasis> : utiliser ldap_access_filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1988 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1998 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2005 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2022 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "<emphasis>expire</emphasis>: utiliser ldap_account_expire_policy" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2026 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2036 +msgid "" +"The difference between these options is the action taken if user password is " +"expired: pwd_expire_policy_reject - user is denied to log in, " +"pwd_expire_policy_warn - user is still able to log in, " +"pwd_expire_policy_renew - user is prompted to change his password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2044 +msgid "" +"Note If user password is expired no explicit message is prompted by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2048 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2053 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" +"<emphasis>authorized_service</emphasis> : utiliser l'attribut " +"authorizedService pour déterminer l'accès" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2058 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" +"<emphasis>host</emphasis> : utilise l'attribut host pour déterminer l'accès" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2062 +msgid "Default: filter" +msgstr "Par défaut : filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2065 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" +"Veuillez noter qu'une valeur utilisée plusieurs fois résulte en une erreur " +"de configuration." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2072 +msgid "ldap_pwdlockout_dn (string)" +msgstr "ldap_pwdlockout_dn (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2075 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2083 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "Exemple : cn=ppolicy,ou=policies,dc=example,dc=com" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2086 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2092 +msgid "ldap_deref (string)" +msgstr "ldap_deref (chaînes)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2095 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" +"Définit comment le déréférencement de l'alias est effectué lors d'une " +"recherche. Les options suivantes sont autorisées :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2100 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "<emphasis>never</emphasis> : les alias ne sont jamais déréférencés." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2104 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" +"<emphasis>searching</emphasis> : Les alias sont déréférencés comme des " +"subordonnés de l'objet de base, mais pas en localisant l'objet de base de la " +"recherche." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2109 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" +"<emphasis>finding</emphasis> : les alias sont seulement déréférencés lors de " +"la localisation de l'objet de base de la recherche." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2114 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" +"<emphasis>always</emphasis> : les alias sont déréférencés à la fois pour la " +"recherche et et la localisation de l'objet de base de la recherche." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2119 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" +"Par défaut : vide (ceci est traité comme <emphasis>never</emphasis> par les " +"bibliothèques clientes LDAP)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2127 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "ldap_rfc2307_fallback_to_local_users (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2130 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" +"Permet de conserver les utilisateurs locaux en tant que membres d'un groupe " +"LDAP pour les serveurs qui utilisent le schéma RFC2307." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2134 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" +"Dans certains environnements où le schéma RFC2307 est utilisé, les " +"utilisateurs locaux deviennent membres du groupes LDAP en ajoutant leurs " +"noms à l'attribut memberUid. La cohérence du domaine est compromise quand " +"cela est fait, SSSD supprimerait normalement les utilisateurs « disparus » " +"des appartenances aux groupes mises en cache dès que nsswitch essaie de " +"récupérer des informations sur l'utilisateur via des appels à getpw*() ou " +"initgoups()." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2145 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" +"Cette option vérifie en dernier recours si les utilisateurs locaux sont " +"référencés et les met en cache afin que des appels ultérieurs à initgoups() " +"ajoutent les utilisateurs locaux aux groupes LDAP." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136 +#, fuzzy +#| msgid "ldap_opt_timeout (integer)" +msgid "wildcart_limit (integer)" +msgstr "ldap_opt_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2160 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2164 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2168 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:51 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" +"Toutes les options de configuration communes appliquées aux domaines SSSD " +"s'appliquent aussi aux domaines LDAP. Voir la section des <quote>SECTIONS DE " +"DOMAINE</quote> dans la page de manuel <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> pour plus de " +"détails. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2178 +msgid "SUDO OPTIONS" +msgstr "OPTIONS DE SUDO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2180 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2191 +msgid "ldap_sudorule_object_class (string)" +msgstr "ldap_sudorule_object_class (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2194 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "La classe d'objet d'une entrée de règle de sudo dans LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2197 +msgid "Default: sudoRole" +msgstr "Par défaut : sudoRole" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2203 +msgid "ldap_sudorule_name (string)" +msgstr "ldap_sudorule_name (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2206 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "L'attribut LDAP qui correspond au nom de la règle de sudo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2216 +msgid "ldap_sudorule_command (string)" +msgstr "ldap_sudorule_command (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2219 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "L'attribut LDAP qui correspond au nom de la commande." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2223 +msgid "Default: sudoCommand" +msgstr "Par défaut : sudoCommand" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2229 +msgid "ldap_sudorule_host (string)" +msgstr "ldap_sudorule_host (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2232 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" +"L'attribut LDAP qui correspond au nom d'hôte (ou adresse IP de l'hôte, " +"réseau IP de l'hôte ou netgroup de l'hôte)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2237 +msgid "Default: sudoHost" +msgstr "Par défaut : sudoHost" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2243 +msgid "ldap_sudorule_user (string)" +msgstr "ldap_sudorule_user (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2246 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" +"L'attribut LDAP qui correspond au nom d'utilisateur (ou UID, le nom du " +"groupe ou netgroup de l'utilisateur)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2250 +msgid "Default: sudoUser" +msgstr "Par défaut : sudoUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2256 +msgid "ldap_sudorule_option (string)" +msgstr "ldap_sudorule_option (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2259 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "L'attribut LDAP qui correspond aux options sudo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2263 +msgid "Default: sudoOption" +msgstr "Par défaut : sudoOption" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2269 +msgid "ldap_sudorule_runasuser (string)" +msgstr "ldap_sudorule_runasuser (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2272 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" +"L'attribut LDAP qui correspond aux commandes peuvent être exécutées sous le " +"nom d'utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2276 +msgid "Default: sudoRunAsUser" +msgstr "Par défaut : sudoRunAsUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2282 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "ldap_sudorule_runasgroup (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2285 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" +"L'attribut LDAP qui correspond au nom du groupe ou GID du groupe sous lequel " +"les commandes seront être exécutées." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2289 +msgid "Default: sudoRunAsGroup" +msgstr "Par défaut : sudoRunAsGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2295 +msgid "ldap_sudorule_notbefore (string)" +msgstr "ldap_sudorule_notbefore (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2298 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" +"L'attribut LDAP qui correspond à la date/heure de début pour laquelle la " +"règle sudo est valide." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2302 +msgid "Default: sudoNotBefore" +msgstr "Par défaut : sudoNotBefore" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2308 +msgid "ldap_sudorule_notafter (string)" +msgstr "ldap_sudorule_notafter (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2311 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" +"L'attribut LDAP qui correspond à la date/heure d'expiration, après quoi la " +"règle sudo ne sera plus valide." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2316 +msgid "Default: sudoNotAfter" +msgstr "Par défaut : sudoNotAfter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2322 +msgid "ldap_sudorule_order (string)" +msgstr "ldap_sudorule_order (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2325 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "L'attribut LDAP qui correspond à l'index de tri de la règle." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2329 +msgid "Default: sudoOrder" +msgstr "Par défaut : sudoOrder" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2335 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "ldap_sudo_full_refresh_interval (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2338 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" +"La durée en secondes pendant laquelle SSSD va attendre entre deux " +"actualisations complètes des règles de sudo (qui téléchargent toutes les " +"règles qui sont stockées sur le serveur)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2343 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" +"La valeur doit être supérieure à <emphasis>ldap_sudo_smart_refresh_interval</" +"emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2348 +msgid "Default: 21600 (6 hours)" +msgstr "Par défaut : 21600 (6 heures)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2354 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "ldap_sudo_smart_refresh_interval (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2357 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest USN " +"of cached rules)." +msgstr "" +"La durée en secondes pendant laquelle SSSD doit attendre avant d'exécuter " +"une actualisation intelligente des règles sudo (qui télécharge toutes les " +"règles qui ont un USN supérieur à l'USN le plus élevé des règles mises en " +"cache)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2363 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" +"Si les attributs USN ne sont pas pris en charge par le serveur, l'attribut " +"modifyTimestamp est utilisé à la place." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2373 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "ldap_sudo_use_host_filter (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2376 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" +"Si true, SSSD téléchargera les seules règles qui s'appliquent à cette " +"machine (à l'aide de l'adresse de système ou de réseau IPv4 ou IPv6 et des " +"noms de systèmes)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2387 +msgid "ldap_sudo_hostnames (string)" +msgstr "ldap_sudo_hostnames (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2390 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" +"Liste séparés par des espaces des noms de systèmes ou de domaines qui " +"doivent être utilisés pour filtrer les règles." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2395 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" +"Si cette option est vide, SSSD va essayer de découvrir automatiquement le " +"nom de système et le nom de domaine pleinement qualifié." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441 +#: sssd-ldap.5.xml:2459 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" +"Si <emphasis>ldap_sudo_use_host_filter</emphasis> est <emphasis>false</" +"emphasis>, alors cette option n'a aucun effet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428 +msgid "Default: not specified" +msgstr "Par défaut : non spécifié" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2411 +msgid "ldap_sudo_ip (string)" +msgstr "ldap_sudo_ip (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2414 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" +"Liste séparés par des espaces d'adresses de système ou de réseaux IPv4 ou " +"IPv6 qui doivent être utilisés pour filtrer les règles." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2419 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" +"Si cette option est vide, SSSD va essayer de découvrir les adresses " +"automatiquement." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2434 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "ldap_sudo_include_netgroups (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2437 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" +"Si elle est vraie alors SSSD téléchargera toutes les règles qui contient un " +"netgroup dans l'attribut sudoHost." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2452 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "ldap_sudo_include_regexp (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2455 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" +"Si positionnée à true, SSSD téléchargera toutes les règles qui contiennent " +"un joker dans l'attribut sudoHost." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2471 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" +"Cette page de manuel décrit uniquement le mappage de noms d'attribut. Pour " +"une explication détaillée des sémantiques d'attributs relatives à sudo, cf. " +"<citerefentry><refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2481 +msgid "AUTOFS OPTIONS" +msgstr "OPTIONS AUTOFS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2483 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2489 +msgid "ldap_autofs_map_master_name (string)" +msgstr "ldap_autofs_map_master_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2492 +msgid "The name of the automount master map in LDAP." +msgstr "Le nom de la table de montage automatique maîtresse dans LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2495 +msgid "Default: auto.master" +msgstr "Par défaut : auto.master" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2502 +msgid "ldap_autofs_map_object_class (string)" +msgstr "ldap_autofs_map_object_class (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2505 +msgid "The object class of an automount map entry in LDAP." +msgstr "" +"La classe d'objet d'une entrée de table de montage automatique dans LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2508 +msgid "Default: automountMap" +msgstr "Par défaut : automountMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2515 +msgid "ldap_autofs_map_name (string)" +msgstr "ldap_autofs_map_name (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2518 +msgid "The name of an automount map entry in LDAP." +msgstr "Le nom d'une entrée de table de montage automatique dans LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2521 +#, fuzzy +#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)" +msgstr "Par défaut : memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2529 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "ldap_autofs_entry_object_class (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2532 +#, fuzzy +#| msgid "" +#| "The key of an automount entry in LDAP. The entry usually corresponds to a " +#| "mount point." +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" +"La clé d'une entrée de montage automatique dans LDAP. L'entrée correspond " +"généralement à un point de montage." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2537 +#, fuzzy +#| msgid "Default: automountMap" +msgid "Default: automount" +msgstr "Par défaut : automountMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2544 +msgid "ldap_autofs_entry_key (string)" +msgstr "ldap_autofs_entry_key (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" +"La clé d'une entrée de montage automatique dans LDAP. L'entrée correspond " +"généralement à un point de montage." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2551 +#, fuzzy +#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)" +msgstr "Par défaut : memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2559 +msgid "ldap_autofs_entry_value (string)" +msgstr "ldap_autofs_entry_value (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2566 +msgid "Default: automountInformation" +msgstr "Par défaut : automountInformation" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2487 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +msgstr "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2576 +msgid "ADVANCED OPTIONS" +msgstr "OPTIONS AVANCÉES" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2583 +msgid "ldap_netgroup_search_base (string)" +msgstr "ldap_netgroup_search_base (chaînes)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2588 +msgid "ldap_user_search_base (string)" +msgstr "ldap_user_search_base (chaînes)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2593 +msgid "ldap_group_search_base (string)" +msgstr "ldap_group_search_base (chaînes)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:2598 +msgid "<note>" +msgstr "<note>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:2600 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no gid mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:2607 +msgid "</note>" +msgstr "</note>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2609 +msgid "ldap_sudo_search_base (string)" +msgstr "ldap_sudo_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2614 +msgid "ldap_autofs_search_base (string)" +msgstr "ldap_autofs_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2578 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2631 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" +"L'exemple suivant suppose que SSSD est correctement configuré et que LDAP " +"pointe sur un des domaines de la section <replaceable>[domains]</" +"replaceable>." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2637 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:725 sssd-ad.5.xml:963 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 +#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2648 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2650 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2655 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-simple.5.xml:148 sssd-ad.5.xml:978 sssd.8.xml:195 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "NOTES" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2672 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" +"Les descriptions de quelques unes des options de configuration des pages de " +"manuel sont basées sur le manuel de <citerefentry> <refentrytitle>ldap.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> de la distribution " +"de OpenLDAP 2.4." + +#. type: Content of: <refentryinfo> +#: pam_sss.8.xml:8 include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - http://" +"fedorahosted.org/sssd</orgname>" +msgstr "" +"<productname>SSSD</productname> <orgname>Le projet SSSD - http://" +"fedorahosted.org/sssd</orgname>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:13 pam_sss.8.xml:18 +msgid "pam_sss" +msgstr "pam_sss" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:19 +msgid "PAM module for SSSD" +msgstr "Module PAM pour SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:24 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:54 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" +"<command>pam_sss.so</command> est l'interface PAM pour le démon des services " +"de sécurité système (SSSD). Les erreurs et résultats sont journalisés par " +"<command>syslog(3)</command> avec l'argument LOG_AUTHPRIV." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:64 +msgid "<option>quiet</option>" +msgstr "<option>quiet</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:67 +msgid "Suppress log messages for unknown users." +msgstr "Supprimer les messages de journal pour les utilisateurs inconnus." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:72 +msgid "<option>forward_pass</option>" +msgstr "<option>forward_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:75 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" +"Si <option>forward_pass</option> est défini, le mot de passe saisi est " +"inséré en mémoire pour les autres modules PAM utilisés." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>use_first_pass</option>" +msgstr "<option>use_first_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" +"L'argument use_first_pass force le module à utliser un module de mot de " +"passe déjà en mémoire et n'en fera jamais la demande à l'utilisateur. Si " +"aucun mot de passe n'est disponible ou que celui-ci n'est pas approprié, " +"l'utilisateur verra son accès refusé." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:93 +msgid "<option>use_authtok</option>" +msgstr "<option>use_authtok</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:96 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" +"Lorsque le changement de mot de passe force le module à modifier le mot de " +"passe par celui fourni par un module de mot de passe déjà chargé en mémoire." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>retry=N</option>" +msgstr "<option>retry=N</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" +"Si définit, on demande le mot de passe à l'utilisateur encore N fois si " +"l'authentification échoue. Par défaut : 0." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:108 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" +"Veuillez noter que cette option peut ne pas fonctionner comme attendu si " +"l'application qui appelle PAM gère lui-même les dialogues avec " +"l'utilisateur. Un exemple typique est <command>sshd</command> avec " +"<option>PasswordAuthentication</option>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:117 +msgid "<option>ignore_unknown_user</option>" +msgstr "<option>ignore_unknown_user</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:120 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "<option>ignore_authinfo_unavail</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:131 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:138 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:142 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:148 +msgid "" +"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> " +"and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:164 +msgid "MODULE TYPES PROVIDED" +msgstr "TYPES DE MODULES FOURNIS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:165 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" +"Tous les types de module (<option>account</option>, <option>auth</option>, " +"<option>password</option> et <option>session</option>) sont fournis." + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:171 +msgid "FILES" +msgstr "FICHIERS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:172 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" +"Si une réinitialisation par root d'un mot de passe échoue parce que le " +"fournisseur SSSD correspondant ne prend pas en charge la réinitialisation de " +"mot de passe, un message spécifique peut être affiché. Ce message peut, par " +"exemple, contenir les instructions permettant la réinitialisation." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:177 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" +"Le message est lu depuis le fichier <filename>pam_sss_pw_reset_message.LOC</" +"filename> où LOC représente une chaîne de paramètres régionaux retournée par " +"<citerefentry><refentrytitle>setlocale</refentrytitle> <manvolnum>3</" +"manvolnum></citerefentry>. Si il n'y a aucun fichier correspondant, le " +"contenu de <filename>pam_sss_pw_reset_message.txt</filename> est affiché. " +"L'utilisateur root doit être le propriétaire des fichiers et seul root peut " +"avoir les autorisations en lecture et en écriture alors que tous les autres " +"utilisateurs doivent avoir les autorisations en lecture seule." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:187 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" +"Ces fichiers sont recherchés dans le dossier <filename>/etc/sssd/customize/" +"NOM_DE_DOMAINE/</filename>. Si aucun fichier correspondant n'est présent, un " +"message spécifique est affiché." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "sssd_krb5_locator_plugin" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "Greffon de localisation Kerberos" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " +"libraries what Realm and which KDC to use. Typically this is done in " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> which is always read by the Kerberos libraries. " +"To simplify the configuration the Realm and the KDC can be defined in " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> as described in <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" +"Le greffon de localisation Kerberos <command>sssd_krb5_locator_plugin</" +"command> est utilisé par le fournisseur Kerberos de " +"<citerefentry><refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> pour indiquer aux bibliothèques Kerberos quel domaine et quel " +"KDC à utiliser. En général, cela se fait en " +"<citerefentry><refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> qui est toujours lu par les bibliothèques de " +"Kerberos. Pour simplifier la configuration, le Domaine et le KDC peuvent " +"être définis dans <citerefentry><refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> comme indiqué dans " +"<citerefentry><refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:48 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> puts the Realm and the name or IP address of the KDC into " +"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " +"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " +"libraries it reads and evaluates these variables and returns them to the " +"libraries." +msgstr "" +"<citerefentry><refentrytitle>SSSD</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> met le nom de domaine et le nom ou adresse IP du KDC dans les " +"variables d'environnement SSSD_KRB5_REALM et SSSD_KRB5_KDC respectivement. " +"Lorsque <command>sssd_krb5_locator_plugin</command> est appelé par les " +"bibliothèques de kerberos, il lit et évalue ces variables et les transmet " +"aux bibliothèques." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" +"Toutes les versions de Kerberos ne prennent en charge l'utilisation de " +"greffons. Si <command>sssd_krb5_locator_plugin</command> n'est pas présent " +"sur votre système, il faut modifier /etc/krb5.conf pour s'adapter à la " +"configuration de Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:69 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" +"Si la variable d'environnement SSSD_KRB5_LOCATOR_DEBUG a une valeur " +"quelconque, des messages de débogage seront envoyés sur la sortie standard " +"d'erreur." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "sssd-simple" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" +"le fichier de configuration pour le fournisseur de contrôle d'accès « " +"simple » de SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" +"Cette page de manuel décrit la configuration du fournisseur de contrôle " +"d'accès simple de <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. Pour plus de détails sur la " +"syntaxe, cf. la section <quote>FORMAT DE FICHIER</quote> de la page de " +"manuel <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" +"Le fournisseur d'accès simple autorise les accès à partir de listes " +"d'autorisation ou de refus de noms d'utilisateurs ou de groupes. Les règles " +"suivantes s'appliquent :" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "Si toutes les listes sont vides, l'accès est autorisé" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" +"Si une liste est fournie, quelle qu'elle soit, l'ordre d'évaluation est " +"allow,deny. Autrement dit une règle de refus écrasera une règle " +"d'autorisation." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" +"Si la ou les listes fournies sont seulement de type « allow », tous les " +"utilisateurs sont refusés à moins qu'ils ne soient dans la liste." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" +"Si seulement les listes « deny » sont utilisées, tous les utlisateurs sont " +"autorisés à moins qu'ils ne soient dans la liste." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "simple_allow_users (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" +"Liste séparée par des virgules d'utilisateurs autorisés à se connecter." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "simple_deny_users (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" +"Liste séparée par des virgules d'utilisateurs dont l'accès sera refusé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "simple_allow_groups (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" +"Liste séparée par des virgules de groupes autorisés à se connecter. Ceci ne " +"s'applique qu'à des groupes dans un domaine SSSD. Les groupes locaux ne sont " +"pas pris en compte." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "simple_deny_groups (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" +"Liste séparée par des virgules de groupes dont l'accès sera refusé. Ceci ne " +"s'applique qu'à des groupes dans un domaine SSSD. Les groupes locaux ne sont " +"pas pris en compte." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Se référer à la section <quote>SECTIONS DE DOMAINE</quote> de la page de " +"manuel <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> pour les détails sur la configuration d'un " +"domaine SSSD. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" +"Ne spécifier aucune valeur pour aucune des listes revient à l'ignorer " +"complètement. Se méfier de ceci lors de la création des paramètres pour le " +"fournisseur simple à l'aide automatique de scripts." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" +"Veuillez noter que la configuration simultanée de simple_allow_users et " +"simple_deny_users est une erreur." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" +"L'exemple suivant suppose que SSSD est correctement configuré et que example." +"com est un des domaines dans la section <replaceable>[sssd]</replaceable>. " +"Ces exemples montrent seulement les options spécifiques du fournisseur " +"d'accès simple." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "sssd-ipa" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "Fournisseur IPA SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Cette page de manuel décrit la configuration du fournisseur IPA pour " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Pour une référence détaillée sur la syntaxe, veuillez " +"regarder la section <quote>FORMAT DE FICHIER</quote> de la page de manuel " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" +"Le fournisseur IPA est le moteur pour se connecter à un serveur IPA. (Cf. le " +"site freeipa.org pour plus d'informations sur les serveurs IPA). Ce " +"fournisseur nécessite que la machine soit joignable pour le domaine IPA ; la " +"configuration est presque entièrement obtenue et auto-découverte à partir du " +"serveur." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" +"Le fournisseur IPA accepte les mêmes options utilisées par le fournisseur " +"d'identité <citerefentry><refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> et le fournisseur d'authentification " +"<citerefentry><refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> avec les quelques exceptions décrites ci-dessous." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." +msgstr "" +"Toutefois, il n'est ni nécessaire ni recommandé de définir ces options. Le " +"fournisseur IPA peut également servir comme fournisseur d'accès et chpass. " +"En tant que fournisseur d'accès, il utilise des règles HBAC (host-based " +"access control). Veuillez consulter freeipa.org pour plus d'informations sur " +"HBAC. Aucune configuration de fournisseur d'accès n'est requise côté client." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" +"Le fournisseur IPA utilisera le répondeur PAC si les tickets Kerberos " +"d'utilisateurs de domaines Kerberos approuvés contiennent un PAC. Pour " +"rendre la configuration plus facile, le répondeur PAC est démarré " +"automatiquement si le fournisseur d'ID de IPA est configuré." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:78 +msgid "ipa_domain (string)" +msgstr "ipa_domain (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:81 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" +"Définit le nom du domaine IPA. Facultatif, s'il n'est pas fourni, le nom de " +"domaine de la configuration est utilisé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:89 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "ipa_server, ipa_backup_server (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:92 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" +"La liste par ordre de préférence séparée par des virgules des adresses IP ou " +"des noms de systèmes des serveurs IPA auxquels SSSD doit se connecter . Pour " +"plus d'informations sur la redondance de serveurs et la bascule, consulter " +"la section <quote>BASCULE</quote>. Ceci est facultatif si la découverte " +"automatique est activée. Pour plus d'informations sur la découverte de " +"services, se reporter à la section de <quote>DÉCOUVERTE DE SERVICE</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:105 +msgid "ipa_hostname (string)" +msgstr "ipa_hostname (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:108 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host." +msgstr "" +"Facultatif. Peut être défini pour des machines dont le hostname(5) ne " +"reflète pas le nom de domaine pleinement qualifié du domaine IPA pour " +"identifier l'hôte." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:116 sssd-ad.5.xml:780 +msgid "dyndns_update (boolean)" +msgstr "dyndns_update (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:119 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA v2 with the IP address of this client. The update is " +"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " +"for the updates, if it is not otherwise specified by using the " +"<quote>dyndns_iface</quote> option." +msgstr "" +"Facultatif. Cette option indique à SSSD de mettre à jour automatiquement le " +"serveur DNS intégré à IPA v2 avec l'adresse IP de ce client. La mise à jour " +"est sécurisée avec GSS-TSIG. L'adresse IP de la connexion LDAP IPA est " +"utilisée pour les mises à jour, à moins qu'elle ne soit spécifiée par " +"l'utilisation de l'option <quote>dyndns_iface</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:128 sssd-ad.5.xml:794 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" +"NOTE : Sur les systèmes plus anciens (tels que RHEL 5), afin que ce " +"comportement fonctionne de façon fiable, le domaine Kerberos par défaut doit " +"être défini correctement dans /etc/krb5.conf" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:133 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" +"REMARQUE : Bien qu'il soit toujours possible d'utiliser l'ancienne option " +"<emphasis>ipa_dyndns_update</emphasis>, les utilisateurs doivent maintenant " +"utiliser <emphasis>dyndns_update</emphasis> dans leur fichier de " +"configuration." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:145 sssd-ad.5.xml:805 +msgid "dyndns_ttl (integer)" +msgstr "dyndns_ttl (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:148 sssd-ad.5.xml:808 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" +"Le TTL à appliquer à l'enregistrement du client DNS lors de sa mise à jour. " +"Si dyndns_update a la valeur false, cela n'a aucun effet. Cela remplacera le " +"TTL côté serveur s'il est défini par un administrateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:153 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" +"REMARQUE : Bien qu'il soit toujours possible d'utiliser l'ancienne option " +"<emphasis>ipa_dyndns_ttl</emphasis>, les utilisateurs doivent maintenant " +"utiliser <emphasis>dyndns_ttl</emphasis> dans leur fichier de configuration." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Default: 1200 (seconds)" +msgstr "Par défaut : 1200 (secondes)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:165 sssd-ad.5.xml:819 +msgid "dyndns_iface (string)" +msgstr "dyndns_iface (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 sssd-ad.5.xml:822 +#, fuzzy +#| msgid "" +#| "Optional. Applicable only when dyndns_update is true. Choose the " +#| "interface whose IP address should be used for dynamic DNS updates." +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" +"Facultatif. Applicable seulement quand dyndns_update est vrai. Choisit " +"l'interface dont l'adresse IP sera utilisée pour les mises à jour dynamiques " +"du DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:175 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" +"REMARQUE : Bien qu'il soit toujours possible d'utiliser l'ancienne option " +"<emphasis>ipa_dyndns_iface</emphasis>, les utilisateurs doivent maintenant " +"utiliser <emphasis>dyndns_iface</emphasis> dans leur fichier de " +"configuration." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 +#, fuzzy +#| msgid "Default: Use the IP address of the IPA LDAP connection" +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "Par défaut : utilise l'adresse IP de la connexion IPA LDAP" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:185 sssd-ad.5.xml:833 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:191 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "ipa_enable_dns_sites (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160 +msgid "Enables DNS sites - location based service discovery." +msgstr "Active les sites DNS - découverte de service basée sur l'emplacement" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example.com" +"\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" +"Si true et que la découverte de service (cf. le paragraphe Découverte de " +"service au bas de la page de manuel) est activée, alors SSSD tentera d'abord " +"une découverte basée sur l'emplacement en utilisant une requête contenant " +"« _location.hostname.example.com », puis reviendra à une découverte SRV " +"traditionnelle. Si la découverte basée sur l'emplacement réussit, les " +"serveurs IPA ainsi découverts sont traités comme serveurs primaires, et les " +"serveurs identifiés via la découverte basée sur les enregistrements SRV " +"seront utilisés comme serveurs de repli" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:217 sssd-ad.5.xml:839 +msgid "dyndns_refresh_interval (integer)" +msgstr "dyndns_refresh_interval (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:220 sssd-ad.5.xml:842 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" +"Fréquence de mise à jour des DNS par le moteur en plus des mises à jour " +"automatiques effectuées lorsque le moteur arrive en ligne. Cette option est " +"facultative, et n'est applicable que lorsque l'option dyndns_update est " +"configurée à true." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:233 sssd-ad.5.xml:855 +msgid "dyndns_update_ptr (bool)" +msgstr "dyndns_update_ptr (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:236 sssd-ad.5.xml:858 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" +"Selon que l'enregistrement PTR doit être explicitement mis à jour lors de la " +"mise à jour des enregistrements DNS du client. Applicable uniquement lorsque " +"l'option dyndns_update est configurée à true." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" +"Cette option doit être positionnée à False pour la plupart des déploiements " +"IPA, puisque le serveur IPA crée les enregistrements PTR automatiquement " +"quand les enregistrements directs sont modifiés." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:247 +msgid "Default: False (disabled)" +msgstr "Par défaut : False (désactivé)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:253 sssd-ad.5.xml:869 +msgid "dyndns_force_tcp (bool)" +msgstr "dyndns_force_tcp (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:256 sssd-ad.5.xml:872 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" +"Selon que l'utilitaire nsupdate doit utiliser TCP par défaut pour la " +"communication avec le serveur DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:876 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "Par défaut : False (laisser nsupdate choisir le protocole)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 sssd-ad.5.xml:882 +#, fuzzy +#| msgid "dyndns_iface (string)" +msgid "dyndns_server (string)" +msgstr "dyndns_iface (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 sssd-ad.5.xml:885 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 sssd-ad.5.xml:890 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:895 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 sssd-ad.5.xml:900 +#, fuzzy +#| msgid "Default: False (let nsupdate choose the protocol)" +msgid "Default: None (let nsupdate choose the server)" +msgstr "Par défaut : False (laisser nsupdate choisir le protocole)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:290 +msgid "ipa_hbac_search_base (string)" +msgstr "ipa_hbac_search_base (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:293 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" +"Facultatif. Utilise la chaîne donnée comme base de recherche pour les objets " +"HBAC associés." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:297 +msgid "Default: Use base DN" +msgstr "Par défaut : utilise le DN de base" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_host_search_base (string)" +msgstr "ipa_host_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" +"Facultatif. Utiliser la chaîne donnée comme base de recherche pour héberger " +"des objets." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 sssd-ipa.5.xml:329 sssd-ipa.5.xml:348 sssd-ipa.5.xml:367 +#: sssd-ipa.5.xml:386 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" +"Cf. <quote>ldap_search_base</quote> pour plus d'informations sur la " +"configuration des bases de recherche multiples." + +#. type: Content of: <listitem><para> +#: sssd-ipa.5.xml:315 sssd-ipa.5.xml:334 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "Par défaut : la valeur de <emphasis>ldap_search_base</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:322 +msgid "ipa_selinux_search_base (string)" +msgstr "ipa_selinux_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:325 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" +"Facultatif. Utiliser la chaîne donnée comme base de recherche pour les " +"mappages utilisateur SELinux." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:341 +msgid "ipa_subdomains_search_base (string)" +msgstr "ipa_subdomains_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:344 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" +"Facultatif. Utiliser la chaîne donnée comme base de recherche pour les " +"domaines approuvés." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:353 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "Par défaut : la valeur de <emphasis>cn=trusts,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:360 +msgid "ipa_master_domain_search_base (string)" +msgstr "ipa_master_domain_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:363 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" +"Facultatif. Utiliser la chaîne donnée comme base de recherche objet de " +"domaine maître." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:372 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "Par défaut : la valeur de <emphasis>cn=ad,cn=etc,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:379 +msgid "ipa_views_search_base (string)" +msgstr "ipa_views_search_base (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:382 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:391 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:398 sssd-krb5.5.xml:254 +msgid "krb5_validate (boolean)" +msgstr "krb5_validate (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:401 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed." +msgstr "Vérifie avec l'aide de krb5_keytab que le TGT obtenu n'est pas usurpé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:408 sssd-ad.5.xml:921 +msgid "" +"Note that this default differs from the traditional Kerberos provider back " +"end." +msgstr "" +"Noter que cette valeur par défaut diffère du moteur de traitement Kerberos " +"original." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" +"Le nom du domaine Kerberos. Facultatif, prend comme valeur par défaut la " +"valeur de <quote>ipa_domain</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" +"Le nom du domaine Kerberos a une signification spéciale dans IPA. Il est " +"convertit en DN de base pour effectuer les opérations LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:433 +msgid "" +"Specifies if the host and user principal should be canonicalized when " +"connecting to IPA LDAP and also for AS requests. This feature is available " +"with MIT Kerberos >= 1.7" +msgstr "" +"Spécifie si l'hôte et l'utilisateur principal doivent être rendus canoniques " +"lors des connexions au serveur LDAP de IPA, mais aussi pour les requêtes AS. " +"Cette fonctionnalité est disponible avec MIT Kerberos > = 1.7" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 sssd-krb5.5.xml:416 +msgid "krb5_use_fast (string)" +msgstr "krb5_use_fast (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 sssd-krb5.5.xml:419 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" +"Active le flexible authentication secure tunneling (FAST) pour la pré-" +"authentification Kerberos. Les options suivantes sont supportées :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:454 +msgid "<emphasis>never</emphasis> use FAST." +msgstr "<emphasis>never</emphasis> : ne jamais utiliser FAST." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:457 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it. This is equivalent to not setting " +"this option at all." +msgstr "" +"<emphasis>try</emphasis> : eassyer d'utiliser FAST. Si le serveur ne prend " +"pas en charge FAST, continuer l'authentification sans. Ceci équivaut à ne " +"pas définir cette option." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:463 sssd-krb5.5.xml:433 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" +"<emphasis>demander</emphasis>  : imposer d'utiliser FAST. L'authentification " +"échoue si le serveur ne requiert pas FAST." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:468 +msgid "Default: try" +msgstr "Par défaut : try" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 sssd-krb5.5.xml:444 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" +"NOTE : SSSD prend en charge le paramètre FAST uniquement avec MIT Kerberos " +"version 1.8 et au-delà. L'utilisation de SSSD avec une version antérieure de " +"MIT Kerberos avec cette option est une erreur de configuration." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:480 sssd-ad.5.xml:928 +msgid "krb5_confd_path (string)" +msgstr "krb5_confd_path (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 sssd-ad.5.xml:931 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:487 sssd-ad.5.xml:935 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 sssd-ad.5.xml:939 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:498 +msgid "ipa_hbac_refresh (integer)" +msgstr "ipa_hbac_refresh (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:501 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" +"Le temps entre deux recherches de règles HBAC sur un serveur IPA. Cela " +"permet de réduire le temps de latence et la charge du serveur IPA si il y a " +"beaucoup de requêtes de contrôle d'accès sur une courte période." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355 +msgid "Default: 5 (seconds)" +msgstr "Par défaut : 5 (secondes)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:514 +msgid "ipa_hbac_selinux (integer)" +msgstr "ipa_hbac_selinux (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:517 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" +"Le temps entre les recherches de cartes SELinux sur un serveur IPA. Cela " +"réduit le temps de latence et la charge du serveur IPA s'il y a beaucoup de " +"requêtes de connexions utilisateurs sur une courte période." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:530 +msgid "ipa_server_mode (boolean)" +msgstr "ipa_server_mode (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:533 +msgid "This option should only be set by the IPA installer." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:537 +msgid "" +"The option denotes that the SSSD is running on IPA server and should perform " +"lookups of users and groups from trusted domains differently." +msgstr "" +"Cette option indique que SSSD fonctionne sur un serveur IPA et doit " +"effectuer différemment ses recherches d'utilisateurs et groupes depuis les " +"domaines approuvés." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:548 +msgid "ipa_automount_location (string)" +msgstr "ipa_automount_location (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:551 +msgid "The automounter location this IPA client will be using" +msgstr "L'emplacement à automonter qu'utilisera ce client IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:554 +msgid "Default: The location named \"default\"" +msgstr "Par défaut : Le lieu nommé « default »" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:562 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:571 +msgid "ipa_view_class (string)" +msgstr "ipa_view_class (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:577 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:583 +msgid "ipa_view_name (string)" +msgstr "ipa_view_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:586 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:596 +msgid "ipa_overide_object_class (string)" +msgstr "ipa_overide_object_class (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:599 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:602 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:608 +msgid "ipa_anchor_uuid (string)" +msgstr "ipa_anchor_uuid (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:611 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:615 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:621 +msgid "ipa_user_override_object_class (string)" +msgstr "ipa_user_override_object_class (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:624 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:632 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:635 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:638 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:641 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:647 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:650 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:655 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:661 +msgid "ipa_group_override_object_class (string)" +msgstr "ipa_group_override_object_class (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:664 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:669 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:672 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:675 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:680 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:564 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:690 +msgid "SUBDOMAINS PROVIDER" +msgstr "FOURNISSEURS DE SOUS-DOMAINES" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:692 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" +"Le fournisseur de sous-domaines IPA se comporte un peu différemment s'il est " +"configuré explicitement ou implicitement." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:696 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" +"Si l'option « subdomains_provider = ipa » se trouve dans la section domaine " +"de sssd.conf, le fournisseur de sous-domaines d'IPA est configuré " +"explicitement, et toutes les demandes de sous-domaines sont envoyées au " +"serveur IPA si nécessaire." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:702 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" +"Si l'option « subdomains_provider » n'est pas définie dans la section " +"domaine de sssd.conf, mais qu'il y a l'option « id_provider = ipa », le " +"fournisseur de sous-domaines IPA est configuré implicitement. Dans ce cas, " +"si une demande de sous-domaine échoue et indique que le serveur ne prend pas " +"en charge les sous-domaines, c'est-à-dire qu'il n'est pas configuré pour les " +"relations d'approbations, le fournisseur de sous-domaines IPA est désactivé. " +"Après une heure ou après que le fournisseur IPA arrive en ligne, le " +"fournisseur de sous-domaines est à nouveau activé." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:719 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" +"L'exemple suivant suppose que SSSD est correctement configuré et example.com " +"est un des domaines de la section <replaceable>[sssd]</replaceable>. Ces " +"exemples montrent seulement les options spécifiques au fournisseur IPA." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:726 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "sssd-ad" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "Fournisseur Active Directory SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Cette page de manuel décrit la configuration du fournisseur AD pour " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Pour une référence détaillée sur la syntaxe, cf. la section " +"<quote>FORMAT DE FICHIER</quote> de la page de manuel <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available." +msgstr "" +"Le fournisseur AD est un moteur utilisé pour se connecter à un serveur " +"Active Directory. Ce fournisseur exige que la machine soit jointe au domaine " +"AD et qu'un fichier keytab soit disponible." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:41 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" +"Le fournisseur AD prend en charge la connexion à Active Directory 2008 R2 ou " +"ultérieures. Les versions antérieures peuvent fonctionner, mais ne sont pas " +"supportées." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:45 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:51 +msgid "" +"The AD provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" +"Le fournisseur AD accepte les mêmes options utilisées par le fournisseur " +"d'identité <citerefentry><refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> et le fournisseur d'authentification " +"<citerefentry><refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> avec les quelques exceptions décrites ci-dessous." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:63 +#, fuzzy +#| msgid "" +#| "However, it is neither necessary nor recommended to set these options. " +#| "IPA provider can also be used as an access and chpass provider. As an " +#| "access provider it uses HBAC (host-based access control) rules. Please " +#| "refer to freeipa.org for more information about HBAC. No configuration of " +#| "access provider is required on the client side." +msgid "" +"However, it is neither necessary nor recommended to set these options. The " +"AD provider can also be used as an access, chpass, sudo and autofs provider. " +"No configuration of the access provider is required on the client side." +msgstr "" +"Toutefois, il n'est ni nécessaire ni recommandé de définir ces options. Le " +"fournisseur IPA peut également servir comme fournisseur d'accès et chpass. " +"En tant que fournisseur d'accès, il utilise des règles HBAC (host-based " +"access control). Veuillez consulter freeipa.org pour plus d'informations sur " +"HBAC. Aucune configuration de fournisseur d'accès n'est requise côté client." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:75 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" +"ldap_id_mapping = False\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " +"and groups using POSIX attributes from trusted domains, the AD administrator " +"must make sure that the POSIX attributes are replicated to the Global " +"Catalog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:82 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:97 +msgid "ad_domain (string)" +msgstr "ad_domain (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:100 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" +"Spécifie le nom du domaine Active Directory. Ceci est facultatif. S'il " +"n'est pas fourni, le nom de domaine de la configuration est utilisé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:105 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" +"Pour un fonctionnement correct, cette option doit être le nom long du " +"domaine Active Directory, spécifié en minuscules." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:110 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" +"Le nom de domaine court (aussi connu comme le nom NetBIOS ou nom plat) est " +"autodétecté par SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:117 +msgid "ad_server, ad_backup_server (string)" +msgstr "ad_server, ad_backup_server (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:120 +#, fuzzy +#| msgid "" +#| "The comma-separated list of hostnames of the AD servers to which SSSD " +#| "should connect in order of preference. For more information on failover " +#| "and server redundancy, see the <quote>FAILOVER</quote> section. This is " +#| "optional if autodiscovery is enabled. For more information on service " +#| "discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" +"La liste par ordre de préférence séparée par des virgules des noms de " +"systèmes des serveurs AD auquel SSSD doit se connecter. Pour plus " +"d'informations sur la redondance de serveurs et la bascule, consulter la " +"section <quote>BASCULE</quote>. Ceci est facultatif si la découverte " +"automatique est activée. Pour plus d'informations sur la découverte de " +"services, se reporter à la section de <quote>DÉCOUVERTE DE SERVICE</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:127 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:132 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:140 +msgid "ad_hostname (string)" +msgstr "ad_hostname (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:143 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the Active Directory domain to identify this " +"host." +msgstr "" +"Facultatif. Peut être défini sur les machines où le hostname(5) ne reflète " +"pas le nom pleinenent qualifié utilisé dans le domaine Active Directory pour " +"identifier ce système." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:149 +msgid "" +"This field is used to determine the host principal in use in the keytab. It " +"must match the hostname for which the keytab was issued." +msgstr "" +"Ce champ est utilisé pour déterminer le principal d'hôte utilisé dans un " +"fichier keytab. Elle doit correspondre au nom du système pour lequel a été " +"publié un fichier keytab." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:157 +msgid "ad_enable_dns_sites (boolean)" +msgstr "ad_enable_dns_sites (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:164 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" +"Si configuré à true et que la découverte de service (cf. le paragraphe " +"Découverte de service au bas de la page de manuel) est activée, SSSD tentera " +"d'abord de découvrir le serveur Active Directory auquel se connecter en " +"utilisant Active Directory Site Discovery, puis se repliera sur " +"l'utilisation des enregistrements DNS SRV si aucun site AD n'est trouvé. La " +"configuration SRV du DNS, incluant la découverte de domaine, est aussi " +"utilisée pendant la découverte de site." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:180 +msgid "ad_access_filter (string)" +msgstr "ad_access_filter (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:191 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:199 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:207 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:212 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:223 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" +"# applique le filtre sur le seul domaine dom1 :\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# applique le filtre sur le seul domaine dom2 :\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# applique le filtre sur la seule forêt nommée EXAMPLE.COM :\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:233 sssd-ad.5.xml:247 +msgid "Default: Not set" +msgstr "Par défaut : non défini" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:239 +msgid "ad_site (string)" +msgstr "ad_site (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:253 +msgid "ad_enable_gc (boolean)" +msgstr "ad_enable_gc (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:256 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:264 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:278 +msgid "ad_gpo_access_control (string)" +msgstr "ad_gpo_access_control (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:281 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to a particular host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:296 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:309 +msgid "There are three supported values for this option:" +msgstr "Il existe trois valeurs prises en charge pour cette option :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:313 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:319 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:325 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "Default: permissive" +msgstr "Par défaut : permissive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:339 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:345 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "ad_gpo_cache_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:348 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:361 +msgid "ad_gpo_map_interactive (string)" +msgstr "ad_gpo_map_interactive (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:364 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:370 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:384 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:388 sssd-ad.5.xml:479 sssd-ad.5.xml:525 sssd-ad.5.xml:570 +#: sssd-ad.5.xml:636 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:392 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:397 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:402 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:407 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:412 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:417 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:422 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:427 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:432 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:437 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:442 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:451 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "ad_gpo_map_remote_interactive (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:460 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:475 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:466 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:483 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:488 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:497 +msgid "ad_gpo_map_network (string)" +msgstr "ad_gpo_map_network (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:500 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:506 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:521 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:512 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:529 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:534 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:543 +msgid "ad_gpo_map_batch (string)" +msgstr "ad_gpo_map_batch (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:546 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:552 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:566 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:557 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:574 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:583 +msgid "ad_gpo_map_service (string)" +msgstr "ad_gpo_map_service (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:586 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:605 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:597 sssd-ad.5.xml:667 +msgid "" +"It is possible to add a PAM service name to the default set by using <quote>" +"+service_name</quote>. Since the default set is empty, it is not possible " +"to remove a PAM service name from the default set. For example, in order to " +"add a custom pam service name (e.g. <quote>my_pam_service</quote>), you " +"would use the following configuration: <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:615 +msgid "ad_gpo_map_permit (string)" +msgstr "ad_gpo_map_permit (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:618 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:632 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:623 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:640 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:645 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:650 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:659 +msgid "ad_gpo_map_deny (string)" +msgstr "ad_gpo_map_deny (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:662 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:675 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:685 +msgid "ad_gpo_default_right (string)" +msgstr "ad_gpo_default_right (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:688 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:701 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:705 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:710 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:715 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:720 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:725 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:730 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:735 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:741 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:747 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:750 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:756 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 30 days" +msgstr "Par défaut : 300" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:762 +#, fuzzy +#| msgid "pam_account_expired_message (string)" +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "pam_account_expired_message (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:765 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expect 2 integers seperated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the inital timeout in seconds before the task is run for the first " +"time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +#, fuzzy +#| msgid "Default: 86400 (24 hours)" +msgid "Default: 86400:750 (24h and 15m)" +msgstr "Par défaut : 86400 (24 heures)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:783 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" +"Facultatif. Cette option indique à SSSD de mettre à jour automatiquement le " +"serveur DNS intégré à IPA v2 avec l'adresse IP de ce client. La mise à jour " +"est sécurisée avec GSS-TSIG. Ainsi, l'administrateur Active Directory a " +"uniquement besoin d'activer les mises à jour sécurisées pour la zone DNS. " +"L'adresse IP de la connexion LDAP AD est utilisée pour les mises à jour, à " +"moins qu'elle ne soit spécifiée par l'utilisation de l'option " +"<quote>dyndns_iface</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:813 +msgid "Default: 3600 (seconds)" +msgstr "Par défaut : 3600 (secondes)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:829 +#, fuzzy +#| msgid "Default: Use the IP address of the AD LDAP connection" +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "Par défaut : utilise l'adresse IP de la connexion LDAP AD" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:863 sss_rpcidmapd.5.xml:76 +msgid "Default: True" +msgstr "Par défaut : True" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:909 sssd-krb5.5.xml:505 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "krb5_use_enterprise_principal (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:912 sssd-krb5.5.xml:508 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" +"Indique si le principal de l'utilisateur doit être traité comme un principal " +"d'entreprise. Cf. la section 5 de la RFC 6806 pour plus de détails sur les " +"principals d'entreprise." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:957 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" +"L'exemple suivant suppose que SSSD est correctement configuré et example.com " +"est un des domaines de la section <replaceable>[sssd]</replaceable>. Ces " +"exemples montrent seulement les options spécifiques au fournisseur AD." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:964 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:984 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:980 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Le fournisseur de contrôle d'accès AD vérifie si le compte a expiré. Cela a " +"le même effet que la configuration suivante du fournisseur LDAP : " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:990 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:998 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "sssd-sudo" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "Configuration de sudo avec le moteur SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" +"Cette page de manuel décrit comment configurer " +"<citerefentry><refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> pour travailler avec <citerefentry><refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry> et comment SSSD met " +"en cache les règles sudo." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "Configuration de sudo pour coopérer avec SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" +"Pour activer SSSD comme source pour les règles de sudo, ajouter " +"<emphasis>sss</emphasis> à l'entrée <emphasis>sudoers</emphasis> dans " +"<citerefentry><refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" +"Par exemple, pour configurer sudo pour rechercher d'abord les règles dans le " +"fichier standard <citerefentry><refentrytitle>sudoers</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> (qui doit contenir les règles qui " +"s'appliquent aux utilisateurs locaux) et ensuite dans SSSD, le fichier " +"nsswitch.conf doit contenir la ligne suivante :" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "sudoers: files sss\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" +"Plus d'informations sur la configuration de l'ordre de recherche de sudoers " +"depuis le fichier nsswitch.conf, mais aussi les informations sur le schéma " +"LDAP qui est utilisé pour stocker les règles sudo dans l'annuaire sont " +"disponibles dans <citerefentry><refentrytitle>sudoers.ldap</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "Configuration de SSSD pour aller chercher les règles de sudo" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" +"L'exemple suivant montre comment configurer SSSD pour télécharger les règles " +"sudo à partir d'un serveur LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:112 +msgid "" +"When the SSSD is configured to use IPA as the ID provider, the sudo provider " +"is automatically enabled. The sudo search base is configured to use the " +"compat tree (ou=sudoers,$DC)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:119 +msgid "The SUDO rule caching mechanism" +msgstr "Le mécanisme de mise en cache de règles SUDO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:121 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" +"Le plus grand défi lors du développement de la prise en charge de sudo dans " +"SSSD était de de s'assurer que l'utilisation d'un sudo exploitant SSSD comme " +"source de données fournissait la même expérience utilisateur et était aussi " +"rapide que sudo, tout en conservant le jeu de règles le plus à jour " +"possible. Pour satisfaire ces exigences, SSSD utilise trois types de mises à " +"jour. Elles sont appelées actualisation complète, rafraîchissement " +"intelligent et rafraîchissement des règles." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:129 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" +"Le <emphasis>rafraîchissement intelligent</emphasis> télécharge " +"périodiquement les règles qui sont nouvelles ou qui ont été modifiées après " +"la dernière mise à jour. Son but premier est d'éviter à la base de données " +"de grossir en allant chercher de petits incréments qui ne génèrent pas de " +"gros de trafic réseau." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:135 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" +"Le <emphasis>rafracîchissement complèt</emphasis> supprime simplement toutes " +"les règles sudo stockées dans le cache et les remplace par toutes les règles " +"qui sont stockées sur le serveur. Ceci est utilisé pour assurer la cohérence " +"de cache en supprimant toutes les règles qui ont été supprimées du serveur. " +"Cependant, un rafraîchissement complet peut produire beaucoup de trafic et " +"doit n'être exécuté qu'occasionnellement selon la taille et de la stabilité " +"des règles sudo." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:143 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" +"Le <emphasis>rafraîchissement des règles</emphasis> fait en sorte de ne pas " +"accorder à l'utilisateur plus d'autorisations que défini. Il est déclenché " +"chaque fois que l'utilisateur exécute sudo. L'actualisation des règles " +"trouvera toutes les règles qui s'appliquent à cet utilisateur, vérifie leur " +"date d'expiration et les retéléchargera si elles ont expiré. Dans le cas où " +"l'une de ces règles est manquante sur le serveur, SSSD programmera en " +"parallèle un rafraîchissement complet hors ligne car d'autres règles " +"(s'appliquant à d'autres utilisateurs) peuvent avoir été supprimées." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" +"Si activé, SSSD stocke uniquement les règles qui peuvent être appliquées à " +"cette machine. En d'autres termes, ce sont les règles qui contiennent une " +"des valeurs suivantes dans l'attribut de <emphasis>sudoHost</emphasis> :" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:159 +msgid "keyword ALL" +msgstr "mot-clé ALL" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:164 +msgid "wildcard" +msgstr "joker" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:169 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "netgroup (sous la forme « +netgroup »)" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:174 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" +"nom de système ou le nom de domaine pleinement qualifié de cette machine" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:179 +msgid "one of the IP addresses of this machine" +msgstr "une des adresses IP de cette machine" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:184 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "une des adresses IP du réseau (sous la forme « adresse/masque »)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:190 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Il existe de nombreuses options de configuration qui peuvent être utilisées " +"pour ajuster le comportement. Consulter « ldap_sudo_ * » dans " +"<citerefentry><refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> et « sudo_ * » dans " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "sssd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "System Security Services Daemon" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" +"<command>SSSD</command> fournit un jeu de démons pour gérer l'accès à des " +"dossiers distants et les mécanismes d'authentification. Il fournit une " +"interface NSS et PAM au travers du système et un moteur système extensible " +"par greffons pour se connecter à de multiples comptes de sources différentes " +"en plus d'une interface D-Bus. C'est aussi un moyen de fournir un moyen " +"d'audit client et une politique de services pour les projets tels que " +"FreeIPA. Il fournit une base de donnée plus robuste pour stocker les " +"utilisateurs locaux ainsi que les données étendues des utilisateurs." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" +"<emphasis>1</emphasis> : Ajouter un horodatage aux messages de débogage" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" +"<emphasis>0</emphasis> : Désactiver l'horodatage dans les messages de " +"débogage" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" +"<emphasis>1</emphasis> : Ajouter les microsecondes à l'horodatage dans les " +"messages de débogage" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" +"<emphasis>0</emphasis> : Désactiver les microsecondes dans l'horodatage" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>-f</option>,<option>--debug-to-files</option>" +msgstr "<option>-f</option>,<option>--debug-to-files</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "" +"Send the debug output to files instead of stderr. By default, the log files " +"are stored in <filename>/var/log/sssd</filename> and there are separate log " +"files for every SSSD service and domain." +msgstr "" +"Envoie la sortie de débogage vers des fichiers plutôt que vers la sortie " +"d'erreur standard. Par défaut, les fichiers de sortie sont stockés dans " +"<filename>/var/log/sssd</filename> et des fichiers différents sont créés " +"pour chaque service et domaine SSSD." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:97 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "<option>-D</option>,<option>--daemon</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:101 +msgid "Become a daemon after starting up." +msgstr "Devenir un démon après le démarrage." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:107 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "<option>-i</option>,<option>--interactive</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:111 +msgid "Run in the foreground, don't become a daemon." +msgstr "Tourner en avant-plan et ne pas devenir un démon." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:117 sss_debuglevel.8.xml:42 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "<option>-c</option>,<option>--config</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:121 sss_debuglevel.8.xml:46 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Définit un fichier de configuration autre que celui par défaut (<filename>/" +"etc/sssd/sssd.conf</filename>). Pour obtenir des informations sur la syntaxe " +"et les options du fichier de configuration, consulter les pages de manuel de " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "<option>--version</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "Afficher le numéro de version et quitter." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:147 +msgid "Signals" +msgstr "Signaux" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "SIGTERM/SIGINT" +msgstr "SIGTERM/SIGINT" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:153 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" +"Indique à SSSD de fermer normalement tous ses processus fils puis d'arrêter " +"le moniteur." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:159 +msgid "SIGHUP" +msgstr "SIGHUP" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:162 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" +"Précise à SSSD de ne plus écrire vers son fichier de débogage actuel, de le " +"fermer et de le rouvrir. Cela permet de faciliter les rotations de fichiers " +"de sortie avec des programmes tels que logrotate." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:170 +msgid "SIGUSR1" +msgstr "SIGUSR1" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:173 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:182 +msgid "SIGUSR2" +msgstr "SIGUSR2" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:185 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:197 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "sss_obfuscate" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "obscurcir un mot de passe en clair" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" +"<command>sss_obfuscate</command> convertit un mot de passe donné en un " +"format illisible par un humain et le place dans la section de domaine " +"appropriée du fichier de configuration SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" +"Le mot de passe en clair est lu dans l'entrée standard ou entré " +"interactivement. Les mots de passes chiffrés sont mis dans " +"<quote>ldap_default_authtok</quote> pour un domaine SSSD donné et le " +"paramètre <quote>ldap_default_authtok_type</quote> est défini à " +"<quote>obfuscated_password</quote>. Cf. <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> pour plus de " +"détails sur ces paramètres." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" +"Veuillez noter que les mots de passe chiffrés ne fournissent <emphasis>aucun " +"réel bénéfice de sécurité</emphasis> étant donné qu'il est possible de " +"retrouver le mot de passe par ingénierie-inverse. Utiliser un meilleur " +"mécanisme d'authentification tel que les certificats côté client ou GSSAPI " +"est <emphasis>très</emphasis> conseillé." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "<option>-s</option>,<option>--stdin</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "Le mot de passe chiffré sera lu sur l'entrée standard." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAINE</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" +"Le domaine SSSD auquel est lié le mot de passe. Le nom par défaut est " +"<quote>default</quote>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" +"<option>-f</option>,<option>--file</option> <replaceable>FICHIER</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "Lit le fichier de configuration spécifié par le paramètre." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "Par défaut : <filename>/etc/sssd/sssd.conf</filename>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +#, fuzzy +#| msgid "sss_userdel" +msgid "sss_override" +msgstr "sss_userdel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +#, fuzzy +#| msgid "" +#| "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +#| "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#| "arg>" +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:50 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:52 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:59 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:70 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:78 +#, fuzzy +#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:83 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:92 +#, fuzzy +#| msgid "" +#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +#| "replaceable>" +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAINE</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:97 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:105 +#, fuzzy +#| msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:110 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:116 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:121 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:126 +msgid "original_name:name:uid:gid:gecos:home:shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:138 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:141 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:147 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:152 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:160 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:167 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:175 +#, fuzzy +#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:180 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:189 +#, fuzzy +#| msgid "" +#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +#| "replaceable>" +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAINE</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:194 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:202 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:207 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:213 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:218 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:223 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:235 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:238 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:244 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:249 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:259 +#, fuzzy +#| msgid "SUDO OPTIONS" +msgid "COMMON OPTIONS" +msgstr "OPTIONS DE SUDO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:261 +#, fuzzy +#| msgid "This option is not available in IPA provider." +msgid "Those options are available with all commands." +msgstr "Cette option n'est pas disponible dans le fournisseur IPA." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:266 +#, fuzzy +#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_useradd.8.xml:10 sss_useradd.8.xml:15 +msgid "sss_useradd" +msgstr "sss_useradd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_useradd.8.xml:16 +msgid "create a new user" +msgstr "créer un utilisateur" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_useradd.8.xml:21 +msgid "" +"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" +"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>UTILISATEUR</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_useradd.8.xml:32 +msgid "" +"<command>sss_useradd</command> creates a new user account using the values " +"specified on the command line plus the default values from the system." +msgstr "" +"<command>sss_useradd</command> crée un nouveau compte utilisateur en " +"utilisant les valeurs spécifiées en ligne de commande auquelles sont " +"ajoutées les valeurs par défaut du système." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:43 sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:48 +msgid "" +"Set the UID of the user to the value of <replaceable>UID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" +"Définit l'UID de l'utilisateur à la valeur <replaceable>UID</replaceable>. " +"Si non précisé, il est choisit automatiquement." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENTAIRE</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" +"Toute chaîne de caractère décrivant l'utilisateur. Souvent utilisé comme " +"champ pour le nom entier de l'utilisateur." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:72 +msgid "" +"The home directory of the user account. The default is to append the " +"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " +"that as the home directory. The base that is prepended before " +"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" +"baseDirectory</quote> setting in sssd.conf." +msgstr "" +"Le répertoire personnel du compte utilisateur. Par défaut, on ajoute " +"<replaceable>LOGIN</replaceable> à <filename>/home</filename> et on utilise " +"cela comme dossier personnel. La base précédent <replaceable>LOGIN</" +"replaceable> est modifiable avec le paramètre <quote>user_defaults/" +"baseDirectory</quote> de sssd.conf." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:87 +msgid "" +"The user's login shell. The default is currently <filename>/bin/bash</" +"filename>. The default can be changed with <quote>user_defaults/" +"defaultShell</quote> setting in sssd.conf." +msgstr "" +"L'interpréteur de commande de l'utilisateur. La valeur par défaut actuelle, " +"<filename>/bin/bash</filename>, peut être modifiée avec le paramètre " +"<quote>user_defaults/defaultShell</quote> dans sssd.conf." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:96 +msgid "" +"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" +"<option>-G</option>,<option>--groups</option> <replaceable>GROUPES</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:101 +msgid "A list of existing groups this user is also a member of." +msgstr "Une liste de groupes existants dont l'utilisateur est aussi membre." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:107 +msgid "<option>-m</option>,<option>--create-home</option>" +msgstr "<option>-m</option>,<option>--create-home</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:111 +msgid "" +"Create the user's home directory if it does not exist. The files and " +"directories contained in the skeleton directory (which can be defined with " +"the -k option or in the config file) will be copied to the home directory." +msgstr "" +"Crée le répertoire personnel de l'utilisateur s'il n'existe pas. Les " +"fichiers et répertoires inclus dans le répertoire squelette (pouvant être " +"définis avec l'option -k ou dans le fichier de configuration) sont copiés " +"dans le dossier personnel." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:121 +msgid "<option>-M</option>,<option>--no-create-home</option>" +msgstr "<option>-M</option>,<option>--no-create-home</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:125 +msgid "" +"Do not create the user's home directory. Overrides configuration settings." +msgstr "" +"Ne pas créer de dossier personnel pour l'utilisateur. Écrase les paramètres " +"de configuration." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:132 +msgid "" +"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +"replaceable>" +msgstr "" +"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:137 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<command>sss_useradd</command>." +msgstr "" +"Le répertoire squelette, contenant les fichiers et répertoires à copier dans " +"le répertoire personnel de l'utilisateur, quand le répertoire personnel est " +"créé par <command>sss_useradd</command>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:143 +msgid "" +"Special files (block devices, character devices, named pipes and unix " +"sockets) will not be copied." +msgstr "" +"Les fichiers spéciaux (périphériques blocs, caractères, tubes nommés et " +"sockets unix) ne seront pas copiés." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:147 +msgid "" +"This option is only valid if the <option>-m</option> (or <option>--create-" +"home</option>) option is specified, or creation of home directories is set " +"to TRUE in the configuration." +msgstr "" +"L'option n'est valide que si l'option <option>-m</option> (ou <option>--" +"create-home</option>) est utilisée ou si la création de répertoires " +"personnels est à TRUE dans la configuration." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:156 sss_usermod.8.xml:124 +msgid "" +"<option>-Z</option>,<option>--selinux-user</option> " +"<replaceable>SELINUX_USER</replaceable>" +msgstr "" +"<option>-Z</option>,<option>--selinux-user</option> " +"<replaceable>UTILISATEUR_SELINUX</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:161 +msgid "" +"The SELinux user for the user's login. If not specified, the system default " +"will be used." +msgstr "" +"L'utilisateur SELinux pour la connexion utilisateur. Si non spécifié, la " +"valeur par défaut du système est utilisée." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "sssd-krb5" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "Fournisseur Kerberos SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" +"Cette page de manuel décrit la configuration du moteur d'authentification de " +"Kerberos 5 pour <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. Pour une référence détaillée sur " +"la syntaex, veuillez vous référer à la section <quote>FORMAT DE FICHIER</" +"quote> du manuel de <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" +"Le moteur d'authentification Kerberos 5 contient les fournisseurs " +"d'authentification et de changement de mot de passe. Il doit être couplé " +"avec un fournisseur d'identité de manière à fonctionner proprement (par " +"exemple, id_provider = ldap). Plusieurs informations requises par le moteur " +"d'authentification Kerberos 5 doivent être fournies par le fournisseur " +"d'identité, telles que le nom du principal de l'utilisateur Kerberos (UPN). " +"La configuration du fournisseur d'identité doit avoir une entrée pour " +"spécifier l'UPN. Veuillez vous référer aux pages du manuel du fournisseur " +"d'identité ad-hoc pour pouvoir le configurer." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>.k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" +"Ce moteur fournit aussi un contrôle d'accès sur le fichier .k5login dans le " +"répertoire personnel de l'utilisateur. Voir <citerefentry> <refentrytitle>." +"k5login</refentrytitle><manvolnum>5</manvolnum> </citerefentry> pour plus de " +"détails. Veuillez noter qu'un fichier .k5login vide interdira tout accès " +"pour cet utilisateur. Pour activer cette option, utilisez « access_provider " +"= krb5 » dans votre configuration de SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" +"Dans le cas où l'UPN n'est pas valide dans le moteur d'identité, " +"<command>sssd</command> construira un UPN en utilisant le format " +"<replaceable>utilisateur</replaceable>@<replaceable>krb5_realm</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" +"Spécifie la liste séparée par des virgules des adresses IP ou des noms de " +"systèmes des serveurs Kerberos auquel SSSD doit se connecter, par ordre de " +"préférence. Pour plus d'informations sur la redondance par bascule et le " +"serveur, consultez la section de <quote>BASCULE</quote>. Un numéro de port " +"facultatif (précédé de deux-points) peut être ajouté aux adresses ou aux " +"noms de systèmes. Si vide, le service de découverte est activé - pour plus " +"d'informations, se reporter à la section <quote>DÉCOUVERTE DE SERVICE</" +"quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" +"Le nom du domaine Kerberos. Cette option est nécessaire et doit être " +"renseignée." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "krb5_kpasswd, krb5_backup_kpasswd (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" +"Si le service de changement de mot de passe ne fonctionne pas sur le KDC, " +"des serveurs de secours peuvent être définis ici. Un numéro de port " +"facultatif (précédé par un signe deux-points) peut-être être suffixé aux " +"adresses ou aux noms de systèmes." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" +"Pour plus d'information sur la bascule et la redondance de serveurs, voir la " +"section <quote>BASCULE</quote>. Noter que même si il n'y a plus de serveurs " +"kpasswd à essayer, le moteur ne passe pas en mode hors-ligne si " +"l'authentification KDC est toujours possible." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "Par défaut : utiliser le KDC" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "krb5_ccachedir (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "Par défaut : /tmp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "krb5_ccname_template (chaîne)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "%u" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "identifiant de connexion" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "%U" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "UID de l'utilisateur" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "%p" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "nom du principal" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "%r" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "nom de domaine" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 +msgid "%h" +msgstr "%h" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108 +msgid "home directory" +msgstr "répertoire personnel" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "%d" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "valeur de krb5_ccachedir" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:27 +msgid "%P" +msgstr "%P" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "l'ID de processus du client SSSD" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:45 +msgid "%%" +msgstr "%%" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:46 +msgid "a literal '%'" +msgstr "un « % » littéral" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "Par défaut : (valeur provenant de libkrb5)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_auth_timeout (integer)" +msgstr "krb5_auth_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" +"Délai d'attente, en secondes, après l'annulation d'une requête " +"d'authentification en ligne ou de changement de mot de passe. La requête " +"d'authentification sera effectuée hors-ligne si cela est possible." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:257 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" +"Vérifie à l'aide de krb5_keytab que le TGT obtenu n'a pas été usurpé. Les " +"entrées d'un fichier keytab sont vérifiées dans l'ordre, et la première " +"entrée avec un domaine correspondant est utilisée pour la validation. Si " +"aucune entrée ne correspond au domaine, la dernière entrée dans le fichier " +"keytab est utilisée. Ce processus peut être utilisé pour valider des " +"environnements utilisant l'approbation entre domaines en plaçant l'entrée " +"keytab appropriée comme dernière ou comme seule entrée dans le fichier " +"keytab." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:272 +msgid "krb5_keytab (string)" +msgstr "krb5_keytab (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:275 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" +"L'emplacement du fichier keytab à utiliser pour valider les données " +"d'identification obtenues à partir de KDC." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:279 +msgid "Default: /etc/krb5.keytab" +msgstr "Par défaut : /etc/krb5.keytab" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:285 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "krb5_store_password_if_offline (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:288 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" +"Stocke le mot de passe de l'utilisateur si le fournisseur est hors-ligne, " +"puis l'utilise pour obtenir un TGT lorsque le fournisseur redevient " +"disponible en ligne." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:293 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" +"NOTE : cette fonctionnalité n'est actuellement disponible que sur les plates-" +"formes Linux. Les mots de passe stockés de cette manière sont conservés en " +"texte brut dans le trousseau de clés du noyau et sont potentiellement " +"accessibles à l'utilisateur root (avec difficulté)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:306 +msgid "krb5_renewable_lifetime (string)" +msgstr "krb5_renewable_lifetime (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:309 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" +"Demande un ticket renouvelable avec une durée de vie totale, donnée par un " +"entier immédiatement suivi par une unité de temps :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "<emphasis>s</emphasis> pour secondes" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:351 sssd-krb5.5.xml:388 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "<emphasis>m</emphasis> pour minutes" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:320 sssd-krb5.5.xml:354 sssd-krb5.5.xml:391 +msgid "<emphasis>h</emphasis> for hours" +msgstr "<emphasis>h</emphasis> pour heures" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:323 sssd-krb5.5.xml:357 sssd-krb5.5.xml:394 +msgid "<emphasis>d</emphasis> for days." +msgstr "<emphasis>d</emphasis> pour jours." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:326 sssd-krb5.5.xml:397 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "Si aucune unité n'est spécifiée, <emphasis>s</emphasis> est utilisé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:330 sssd-krb5.5.xml:401 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" +"NOTE : il n'est pas possible de mélanger les unités. Pour indiquer une durée " +"de vie renouvelable de une heure et trente minutes, utiliser « 90m » au lieu " +"de « 1h30m »." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:335 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "" +"Par défaut : non défini, c'est-à-dire que le TGT n'est pas renouvelable" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:341 +msgid "krb5_lifetime (string)" +msgstr "krb5_lifetime (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:344 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" +"Demande un ticket avec une durée de vie, donnée par un entier immédiatement " +"suivi par une unité de temps :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:360 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "Si aucune unité n'est spécifiée, <emphasis>s</emphasis> est utilisé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:364 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" +"NOTE : il n'est pas possible de mélanger les unités. Pour indiquer une durée " +"de vie de une heure et trente minutes, utiliser « 90m » au lieu de « 1h30m »." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:369 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" +"Par défaut : non défini, c'est-à-dire la durée de vie par défaut configurée " +"dans le KDC." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:376 +msgid "krb5_renew_interval (string)" +msgstr "krb5_renew_interval (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:379 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" +"La durée, en secondes, entre deux vérifications pour savoir si le TGT doit " +"être renouvelé. Les TGT sont renouvelés si environ la moitié de leur durée " +"de vie est dépassée. Indiquée par un entier immédiatement suivi d'une unité " +"de temps :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:406 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" +"Si cette option n'est pas définie ou définie à 0, le renouvellement " +"automatique est désactivé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:424 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" +"<emphasis>never</emphasis> : ne jamais utiliser FAST. Ceci équivaut à ne pas " +"définir cette option." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:428 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" +"<emphasis>try</emphasis> : eassyer d'utiliser FAST. Si le serveur ne prend " +"pas en charge FAST, continuer l'authentification sans." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:438 +msgid "Default: not set, i.e. FAST is not used." +msgstr "Par défaut : non défini, i.e. FAST n'est pas utilisé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "NOTE: a keytab is required to use FAST." +msgstr "NOTE : un fichier keytab est requis pour utiliser FAST." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:453 +msgid "krb5_fast_principal (string)" +msgstr "krb5_fast_principal (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:456 +msgid "Specifies the server principal to use for FAST." +msgstr "Spécifie le principal de serveur afin d'utiliser FAST." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:465 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" +"Spécifie si les principaux du système et de l'utilisateur doivent être " +"rendus canoniques. Cette fonctionnalité est disponible avec MIT Kerberos 1.7 " +"et versions suivantes." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:514 +msgid "Default: false (AD provider: true)" +msgstr "Par défaut : false (AD provider : true)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:520 +msgid "krb5_map_user (string)" +msgstr "krb5_map_user (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:523 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:535 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:540 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Si le module auth krb5 est utilisé dans un domaine SSSD, les options " +"suivantes doivent être utilisées. Cf. la page de manuel " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry>, section <quote>SECTIONS DOMAINE</quote> pour plus " +"de détails sur la configuration d'un domaine SSSD. <placeholder type=" +"\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:566 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" +"L'exemple suivant suppose que SSSD est correctement configuré et que FOO est " +"l'un des domaines de la section <replaceable>[sssd]</replaceable>. Cet " +"exemple montre uniquement la configuration de l'authentification Kerberos, " +"et n'inclut aucun fournisseur d'identité." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:574 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 +msgid "sss_groupadd" +msgstr "sss_groupadd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupadd.8.xml:16 +msgid "create a new group" +msgstr "Créer un nouveau groupe" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupadd.8.xml:21 +msgid "" +"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUPE</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupadd.8.xml:32 +msgid "" +"<command>sss_groupadd</command> creates a new group. These groups are " +"compatible with POSIX groups, with the additional feature that they can " +"contain other groups as members." +msgstr "" +"<command>sss_groupadd</command> crée un nouveau groupe. Ces groupes sont " +"compatibles avec les groupes POSIX, avec la caractéristique supplémentaire " +"qu'ils peuvent contenir d'autres groupes comme membres." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupadd.8.xml:43 sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupadd.8.xml:48 +msgid "" +"Set the GID of the group to the value of <replaceable>GID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" +"Positionne le GID du groupe à la valeur <replaceable>GID</replaceable>. Si " +"non spécifié, il est choisi automatiquement." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_userdel.8.xml:10 sss_userdel.8.xml:15 +msgid "sss_userdel" +msgstr "sss_userdel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_userdel.8.xml:16 +msgid "delete a user account" +msgstr "Supprimer un compte utilisateur" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_userdel.8.xml:21 +msgid "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_userdel.8.xml:32 +msgid "" +"<command>sss_userdel</command> deletes a user identified by login name " +"<replaceable>LOGIN</replaceable> from the system." +msgstr "" +"<command>sss_userdel</command> supprime du système un utilisateur identifié " +"par son identifiant de connexion <replaceable>LOGIN</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:44 +msgid "<option>-r</option>,<option>--remove</option>" +msgstr "<option>-r</option>,<option>--remove</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:48 +msgid "" +"Files in the user's home directory will be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" +"Les fichiers dans le répertoire ainsi que le répertoire lui-même de " +"l'utilisateur et sa messagerie seront supprimés. Outrepasse la configuration." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:56 +msgid "<option>-R</option>,<option>--no-remove</option>" +msgstr "<option>-R</option>,<option>--no-remove</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:60 +msgid "" +"Files in the user's home directory will NOT be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" +"Les fichiers dans le répertoire ainsi que le répertoire lui-même de " +"l'utilisateur et sa messagerie ne seront PAS supprimés. Outrepasse la " +"configuration." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:68 +msgid "<option>-f</option>,<option>--force</option>" +msgstr "<option>-f</option>,<option>--force</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:72 +msgid "" +"This option forces <command>sss_userdel</command> to remove the user's home " +"directory and mail spool, even if they are not owned by the specified user." +msgstr "" +"Cette option oblige <command>sss_userdel</command> à supprimer le répertoire " +"home de l'utilisateur et sa messagerie, même si ils ne sont pas détenus par " +"l'utilisateur spécifié." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:80 +msgid "<option>-k</option>,<option>--kick</option>" +msgstr "<option>-k</option>,<option>--kick</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:84 +msgid "Before actually deleting the user, terminate all his processes." +msgstr "" +"Avant de réellement supprimer l'utilisateur, mettre fin à tous ses processus." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 +msgid "sss_groupdel" +msgstr "sss_groupdel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupdel.8.xml:16 +msgid "delete a group" +msgstr "supprimer un groupe" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupdel.8.xml:21 +msgid "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUPE</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupdel.8.xml:32 +msgid "" +"<command>sss_groupdel</command> deletes a group identified by its name " +"<replaceable>GROUP</replaceable> from the system." +msgstr "" +"<command>sss_groupdel</command> supprime du système un groupe identifié par " +"son nom de groupe <replaceable>GROUPE</replaceable>." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 +msgid "sss_groupshow" +msgstr "sss_groupshow" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupshow.8.xml:16 +msgid "print properties of a group" +msgstr "affiche les propriétés d'un groupe" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupshow.8.xml:21 +msgid "" +"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUPE</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupshow.8.xml:32 +msgid "" +"<command>sss_groupshow</command> displays information about a group " +"identified by its name <replaceable>GROUP</replaceable>. The information " +"includes the group ID number, members of the group and the parent group." +msgstr "" +"<command>sss_groupshow</command> affiche des informations sur un groupe " +"identifié par son nom <replaceable>GROUPE</replaceable>. Les informations " +"incluent l'ID de groupe, les membres du groupe ainsi que le groupe parent." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupshow.8.xml:43 +msgid "<option>-R</option>,<option>--recursive</option>" +msgstr "<option>-R</option>,<option>--recursive</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupshow.8.xml:47 +msgid "" +"Also print indirect group members in a tree-like hierarchy. Note that this " +"also affects printing parent groups - without <option>R</option>, only the " +"direct parent will be printed." +msgstr "" +"Affiche aussi les membres indirects de groupe dans une hiérarchie " +"arborescente. Noter que cela affecte également les affichages de groupes " +"parents - sans l'option <option>R</option>, seul le parent direct sera " +"affiché." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_usermod.8.xml:10 sss_usermod.8.xml:15 +msgid "sss_usermod" +msgstr "sss_usermod" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_usermod.8.xml:16 +msgid "modify a user account" +msgstr "modifier un compte utilisateur" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_usermod.8.xml:21 +msgid "" +"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" +"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_usermod.8.xml:32 +msgid "" +"<command>sss_usermod</command> modifies the account specified by " +"<replaceable>LOGIN</replaceable> to reflect the changes that are specified " +"on the command line." +msgstr "" +"<command>sss_usermod</command> modifie le compte défini par " +"<replaceable>LOGIN</replaceable> pour refléter les modifications fournies en " +"ligne de commande." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:60 +msgid "The home directory of the user account." +msgstr "Le répertoire personnel du compte utilisateur." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:71 +msgid "The user's login shell." +msgstr "L'interpréteur de commandes de l'utilisateur." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:82 +msgid "" +"Append this user to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" +"Ajouter cet utilisateur aux groupes spécifiés par le paramètre " +"<replaceable>GROUPS</replaceable>. Le paramètre <replaceable>GROUPS</" +"replaceable> est une liste séparée par des virgules de noms de groupes." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:96 +msgid "" +"Remove this user from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" +"Retirer cet utilisateur de groupes spécifiés par le paramètre " +"<replaceable>GROUPS</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:103 +msgid "<option>-l</option>,<option>--lock</option>" +msgstr "<option>-l</option>,<option>--lock</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:107 +msgid "Lock the user account. The user won't be able to log in." +msgstr "Verrouiller le compte utilisateur. Il ne pourra plus se connecter." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:114 +msgid "<option>-u</option>,<option>--unlock</option>" +msgstr "<option>-u</option>,<option>--unlock</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:118 +msgid "Unlock the user account." +msgstr "Déverrouiller le compte utilisateur." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:129 +msgid "The SELinux user for the user's login." +msgstr "" +"L'utilisateur SELinux pour l'identifiant de connexion de l'utilisateur." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:135 +msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:140 +msgid "Add an attribute/value pair. The format is attrname=value." +msgstr "Ajouter une paire attribut/valeur. Le format est nom_attribut=valeur." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:147 +msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:152 +msgid "" +"Set an attribute to a name/value pair. The format is attrname=value. For " +"multi-valued attributes, the command replaces the values already present" +msgstr "" +"Définir une paire attribut/valeur. Le format est nom_attribut=valeur. Pour " +"les attributs multi-valués, la commande remplace les valeurs déjà présentes." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:160 +msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:165 +msgid "Delete an attribute/value pair. The format is attrname=value." +msgstr "" +"Supprimer une paire attribut/valeur. Le format est nom_attribut=valeur." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "sss_cache" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "effectue le nettoyage du cache" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online." +msgstr "" +"<command>sss_cache</command> invalide les enregistrements en cache de SSSD. " +"Les documents invalidés sont obligés d'être rechargés à partir de leur " +"serveur d'origine dès que le moteur SSSD redevient disponible en ligne." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:42 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "<option>-E</option>,<option>--everything</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:46 +msgid "Invalidate all cached entries except for sudo rules." +msgstr "Invalider toutes les entrées en cache hors règles sudo." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:52 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:57 +msgid "Invalidate specific user." +msgstr "Invalider un utilisateur spécifique." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:63 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "<option>-U</option>,<option>--users</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:67 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" +"L'annulation de tous les enregistrements d'utilisateur. Cette option prend " +"le pas sur l'invalidation d'un utilisateur spécifique, si elle a été " +"également configuré." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:74 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:79 +msgid "Invalidate specific group." +msgstr "L'annulation de groupe spécifique." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:85 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "<option>-G</option>,<option>--groups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:89 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" +"L'annulation de tous les enregistrements de groupe. Cette option prend le " +"pas sur l'invalidation d'un groupe spécifique si elle a été également " +"définie." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:96 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:101 +msgid "Invalidate specific netgroup." +msgstr "Invalide un netgroup spécifique." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:107 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "<option>-N</option>,<option>--netgroups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:111 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" +"Invalider tous les enregistrements de netgroup. Cette option prend le pas " +"sur l'invalidation de netgroup spécifiques s'il a été également définie." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:118 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:123 +msgid "Invalidate specific service." +msgstr "Invalider le service spécifique." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:129 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "<option>-S</option>,<option>--services</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:133 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" +"Invalider tous les enregistrements de service. Cette option se substitue à " +"l'invalidation de service spécifique s'elle a également été définie." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:140 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:145 +msgid "Invalidate specific autofs maps." +msgstr "Invalider des cartes autofs spécifiques." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:151 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "<option>-A</option>,<option>--autofs-maps</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:155 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" +"Invalider toutes les cartes autofs. Cette option remplace l'invalidation de " +"carte spécifique s'elle a également été définie." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:162 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:167 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:173 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:177 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:185 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:190 +msgid "Restrict invalidation process only to a particular domain." +msgstr "Restreindre le processus d'invalidation à un domaine particulier." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "sss_debuglevel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "change debug level while SSSD is running" +msgstr "modifie le niveau de débogage pendant l'exécution de SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> changes debug level of SSSD monitor and " +"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " +"running." +msgstr "" +"<command>sss_debuglevel</command> positionne le niveau de débogage du " +"moniteur et des fournisseurs SSSD à <replaceable>NEW_DEBUG_LEVEL</" +"replaceable> pendant l'exécution de SSSD." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_debuglevel.8.xml:59 +msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" +msgstr "<replaceable>NEW_DEBUG_LEVEL</replaceable>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "sss_seed" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "initialise le cache SSSD avec un utilisateur" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" +"<command>sss_seed</command> initialise le cache SSSD avec une entrée " +"d'utilisateur et le mot de passe temporaire. Si une entrée d'utilisateur est " +"déjà présente dans le cache de SSSD, l'entrée est mise à jour avec le mot de " +"passe temporaire." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" +"Indique le nom de domaine duquel l'utilisateur est membre. Le domaine est " +"également utilisé pour récupérer les informations sur l'utilisateur. Le " +"domaine doit être configuré dans sssd.conf. L'option <replaceable>DOMAIN</" +"replaceable> doit être fournie. Les informations récupérées depuis le " +"domaine prennent le pas sur ce qui est fourni dans les options." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" +"Le nom d'utilisateur de l'entrée devant être créée ou modifiée dans le " +"cache. L'option <replaceable>USER</replaceable> doit être fournie." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "Définit l'UID de l'utilisateur à <replaceable>UID</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "Définit le GID de l'utilisateur à <replaceable>GID</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" +"Définit le répertoire de l'utilisateur à <replaceable>HOME_DIR</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" +"Définit l'interpréteur de commande de l'utilisateur à <replaceable>SHELL</" +"replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" +"Mode interactif pour la saisie des informations de l'utilisateur. Cette " +"option invite uniquement à la saisir des renseignements non fournis dans les " +"options ou non récupérés à partir du domaine." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" +"Spécifie le fichier dans lequel lire le mot de passe de l'utilisateur. (si " +"aucun mot de passe n'est spécifié, il sera demandé)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" +"La taille du mot de passe (ou la taille du fichier spécifié avec l'option -p " +"ou --password-file) doit être inférieure ou égale à PASS_MAX octets (64 " +"octets sur les systèmes sans valeur globale définie de PASS_MAX)." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "sssd-ifp" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:46 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:53 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:59 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:63 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:77 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:91 +msgid "name" +msgstr "name" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:92 +msgid "user's login name" +msgstr "identifiant de connexion de l'utilisateur" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:95 +msgid "uidNumber" +msgstr "uidNumber" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:96 +msgid "user ID" +msgstr "identifiant de l'utilisateur" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:99 +msgid "gidNumber" +msgstr "gidNumber" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:100 +msgid "primary group ID" +msgstr "identifiant de groupe primaire" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:103 +msgid "gecos" +msgstr "gecos" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:104 +msgid "user information, typically full name" +msgstr "informations utilisateur, généralement le nom complet" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "homeDirectory" +msgstr "homeDirectory" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "loginShell" +msgstr "loginShell" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user shell" +msgstr "interpréteur de commande" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:81 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:125 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:117 +msgid "" +"It is possible to add another attribute to this set by using <quote>" +"+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:129 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" +"Par défaut : non défini. Seul le jeu d'attributs POSIX par défaut est " +"autorisé." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:139 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:144 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "FICHIER DE CONFIGURATION" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "EXTENSION DE CONFIGURATION SSS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "Section de configuration [sss]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "INTÉGRATION SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "VOIR AUSSI" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "sss_ssh_authorizedkeys" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "1" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "obtient les clés OpenSSH autorisées" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" +"<command>sss_ssh_authorizedkeys</command> acquiert les clés publiques SSH " +"pour <replaceable>USER</replaceable> et les renvoie dans le format " +"authorized_keys de OpenSSH (cf. la section <quote>FORMAT DE FICHIER " +"AUTHORIZED_KEYS</quote> de <citerefentry><refentrytitle>sshd</refentrytitle> " +"<manvolnum>8</manvolnum></citerefentry> pour plus d'informations)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" +"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> options." +msgstr "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> peut être configuré pour utiliser " +"<command>sss_ssh_authorizedkeys</command> pour l'authentification " +"d'utilisateur par clé publique s'il est compilé avec la prise en compte des " +"options <quote>AuthorizedKeysCommand</quote> ou <quote>PubkeyAgent</quote> " +"de <citerefentry><refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:58 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:51 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:70 +#, no-wrap +msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" +msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:63 +msgid "" +"If <quote>PubkeyAgent</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by using the following directive " +"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" +"Si <quote>PubkeyAgent</quote> est pris en charge, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> peut être configuré pour l'utiliser en utilisant la directive " +"suivante de la configuration de <citerefentry><refentrytitle>sshd</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry> : <placeholder type=" +"\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:85 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" +"Rechercher des clés publiques dans le domaine SSSD <replaceable>DOMAIN</" +"replaceable>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92 +msgid "EXIT STATUS" +msgstr "CODE RETOUR" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" +"Dans le cas d'un opération achevée avec succès, une valeur de retour de 0 " +"est renvoyée. Dans le cas contraire, 1 est renvoyé." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "sss_ssh_knownhostsproxy" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "obtenir les clés d'hôtes OpenSSH" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and estabilishes connection to the host." +msgstr "" +"<command>sss_ssh_knownhostsproxy</command> récupère les clés publiques pour " +"le système <replaceable>HOST</replaceable>, les stocke dans un fichier " +"OpenSSH known_hosts spécifique (cf. la section <quote>FORMAT DU FICHIER " +"SSH_KNOWN_HOSTS</quote> de <citerefentry><refentrytitle>sshd</refentrytitle> " +"<manvolnum>8</manvolnum></citerefentry> pour plus d'informations) " +"<filename>/var/lib/sss/pubconf/known_hosts</filename> puis établit la " +"connexion vers le système." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" +"Si <replaceable>PROXY_COMMAND</replaceable> est indiqué, elle est alors " +"utilisée pour établier la connexion vers le système au lieu d'ouvrir une " +"socket." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> peut être configuré pour utiliser " +"<command>sss_ssh_knownhostsproxy</command> pour l'authentication par clés en " +"utilisant les directives suivantes pour la configuration de " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> : <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" +"Utiliser le port <replaceable>PORT</replaceable> pour se connecter au " +"système. Par défaut, le port 22 est utilisé." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" +"Rechercher les clés publiques dans le domaine SSSD <replaceable>DOMAINE</" +"replaceable> hôte." + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "DÉCOUVERTE DE SERVICE" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" +"La fonctionnalité de découverte de services permet aux moteurs de trouver " +"automatiquement les serveurs appropriés auxquels se connecter à l'aide d'une " +"requête DNS spéciale. Cette fonctionnalité n'est pas pris en charge pour sur " +"les serveurs secondaires." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "Configuration" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" +"Si aucun serveur n'est spécifié, le moteur utilise automatiquement la " +"découverte de services pour tenter de trouver un serveur. L'utilisateur peut " +"aussi choisir d'utiliser des adresses de serveur et de découverte de " +"services fixes en insérant un mot-clé spécial, <quote>_srv_</quote>, dans la " +"liste des serveurs. L'ordre de préférence est maintenu. Cette fonctionnalité " +"est utile si, par exemple, l'utilisateur préfère utiliser la découverte de " +"services chaque fois que possible et se replier vers un serveur spécifique " +"lorsqu'aucun serveur ne peut être découvert à l'aide du DNS." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "Le nom de domaine" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" +"Se reporter au paramètre <quote>dns_discovery_domain</quote> dans la page de " +"manuel <citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> pour plus de détails." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "Le protocole" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" +"Les requêtes spécifient généralement _tcp comme protocole. Les exceptions " +"sont documentées dans les descriptions respectives des options." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "Voir aussi" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" +"Pour plus d'informations sur le mécanisme de découverte de services, se " +"reporter à la RFC 2782." + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "BASCULE" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" +"La fonctionnalité de bascule autorise le moteur à basculer automatiquement " +"sur un serveur différent si le serveur actuel est défaillant." + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "Syntaxe de bascule" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" +"La liste des serveurs est donnée sous forme de liste séparée par des " +"virgules ; un nombre quelconque d'espaces est autorisé autour de la virgule. " +"Les serveurs sont répertoriés par ordre de préférence. La liste peut " +"contenir un nombre quelconque de serveurs." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" +"Pour chaque option de configuration alors que la bascule est activée, il " +"existe deux variantes : <emphasis>primary</emphasis> et <emphasis>backup</" +"emphasis>. L'idée est que les serveurs dans la liste principale sont " +"préférés et les serveurs de secours sont interrogés uniquement si aucun " +"serveur primaire ne peut être atteint. Si un serveur de secours est " +"sélectionné, un délai d'attente de 31 secondes est défini. Après ce délai " +"d'attente, SSSD tentera périodiquement de se reconnecter à un des serveurs " +"primaires. S'il réussit, il remplacera l'actuel serveur (de secours) actif." + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "Mécanisme de bascule" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" +"Le mécanisme de bascule fait la distinction entre une machine et d'un " +"service. Le moteur tente d'abord de résoudre le nom d'hôte d'un ordinateur " +"donné ; en cas d'échec de cette tentative de résolution, la machine est " +"considérée comme hors ligne. Aucune autre tentative n'est faite pour se " +"connecter à cette machine pour tout autre service. Si la tentative de " +"résolution réussit, le serveur principal tente de se connecter à un service " +"sur cette machine. Si la tentative de connexion de service échoue, alors ce " +"seul service est considéré comme hors ligne et le moteur passe " +"automatiquement au service suivant. La machine est toujours considérée en " +"ligne et peut toujours être considérée pour une tentative d'accès à un autre " +"service." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" +"Les tentatives de connexion ultérieures sont faites vers des machines ou des " +"services marqués comme hors connexion après un délai spécifié ; ce délai est " +"actuellement spécifié en dur à 30 secondes." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" +"S'il n'y a plus aucune machine à essayer, le moteur dans son ensemble " +"bascule dans le mode hors connexion et tente ensuite de se reconnecter " +"toutes les 30 secondes." + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "CORRESPONDANCE D'IDENTIFIANTS" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" +"La fonctionnalité de correspondance d'ID permet à SSSD d'agir comme un " +"client de Active Directory sans demander aux administrateurs d'étendre les " +"attributs utilisateur pour prendre en charge les attributs POSIX pour les " +"identifiants d'utilisateur et de groupe." + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" +"Remarque : Lorsque la mise en correspondance des ID est activée, les " +"attributs uidNumber et gidNumber sont ignorés. Ceci afin d'éviter les " +"risques de conflit entre les valeurs attribuées automatiquement et assignées " +"manuellement. Si vous avez besoin d'utiliser des valeurs attribuées " +"manuellement, TOUTES les valeurs doivent être assignées manuellement." + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "Arrêter le service SSSD" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "Supprimer la base de donnée" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "Démarrer le service SSSD" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "Algorithme de correspondance" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" +"Active Directory fournit un objectSID pour chaque objet d'utilisateur et de " +"groupe dans l'annuaire. Cet objectSID peut être divisé en composants qui " +"représentent l'identité de domaine Active Directory et l'identificateur " +"relatif (RID) de l'objet utilisateur ou groupe." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" +"L'algorithme de mise en correspondance des ID de SSSD tient un éventail " +"d'uid disponibles et le divise en sections de même taille, appelées « " +"tranches ». Chaque tranche représente l'espace disponible dans un domaine " +"Active Directory." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" +"Lorsqu'une entrée d'utilisateur ou de groupe pour un domaine particulier est " +"rencontrée pour la première fois, SSSD alloue une des plages disponibles " +"pour ce domaine. Afin de rendre cette affectation de plage reproductible sur " +"les ordinateurs clients différents, l'algorithme de sélection de plage " +"suivant est utilisé :" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" +"La chaîne du SID est passée par l'intermédiaire de l'algorithme murmurhash3 " +"pour le convertir en une valeur de hachage de 32 bits. Nous prenons ensuite " +"le modulo de cette valeur avec le nombre total des tranches disponibles pour " +"prendre la tranche." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" +"Remarque : Il est possible de rencontrer les collisions dans le hachage et " +"le modulo en découlant. Dans ces situations, la tranche suivante disponible " +"sera sélectionnée, mais il n'est pas possible de reproduire le même jeu " +"exact des tranches sur d'autres machines (puisque l'ordre dans lequel elles " +"sont rencontrées déterminera leur tranche). Dans ce cas, il est recommandé " +"de passer à l'utilisation des attributs POSIX explicites dans Active " +"Directory (en désactivant la correspondance d'ID) ou configurer un domaine " +"par défaut afin de garantir qu'au moins un est toujours cohérent. Pour plus " +"d'informations, voir <quote>Configuration</quote>." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" +"Configuration minimale (dans la section <quote>[domain/DOMAINNAME]</" +"quote>) :" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 10,001 and going up to " +"2,000,100,000. This should be sufficient for most deployments." +msgstr "" +"La configuration par défaut active 10 000 tranches, chacune pouvant contenir " +"jusqu'à 200 000 identifiants, démarrant à 10 001 et allant jusqu'à " +"2 000 100 000. Cela devrait être suffisant pour la plupart des déploiements." + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "Configuration avancée" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "ldap_idmap_range_min (integer)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" +"Spécifie la limite inférieure de la plage d'ID POSIX à utiliser pour la mise " +"en correspondance d'identifiants utilisateurs et groupes Active Directory." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:127 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" +"NOTE : Cette option est différente de <quote>min_id</quote> en ce sens que " +"<quote>min_id</quote> agit comme filtre sur le résultat des requêtes vers ce " +"domaine, alors que cette option contrôle les plages de correspondance d'ID. " +"Il s'agit d'une distinction subtile, mais les bonnes pratiques conseillent " +"d'avoir <quote>min_id</quote> inférieur ou égal à " +"<quote>ldap_idmap_range_min</quote>" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191 +msgid "Default: 200000" +msgstr "Par défaut : 200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:142 +msgid "ldap_idmap_range_max (integer)" +msgstr "ldap_idmap_range_max (integer)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:145 +msgid "" +"Specifies the upper bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" +"Spécifie la limite supérieure de la plage d'ID POSIX à utiliser pour la mise " +"en correspondance d'identifiants utilisateurs et groupes Active Directory." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:149 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" +"NOTE : Cette option est différente de <quote>max_id</quote> en ce sens que " +"<quote>max_id</quote> agit comme filtre sur le résultat des requêtes vers ce " +"domaine, alors que cette option contrôle les plages de correspondance d'ID. " +"Il s'agit d'une distinction subtile, mais les bonnes pratiques conseillent " +"d'avoir <quote>max_id</quote> supérieur ou égal à " +"<quote>ldap_idmap_range_max</quote>" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:159 +msgid "Default: 2000200000" +msgstr "Par défaut : 2000200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:164 +msgid "ldap_idmap_range_size (integer)" +msgstr "ldap_idmap_range_size (integer)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:167 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" +"Spécifie le nombre d'identifiants pour chaque tranche. Si la taille de la " +"plage ne divise pas uniformément dans les valeurs minimale et maximale, des " +"tranches complètes seront créées autant que possible." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:186 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:196 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "ldap_idmap_default_domain_sid (chaîne)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:199 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" +"Spécifier le SID de domaine du domaine par défaut. Cela garantira que ce " +"domaine est toujours affecté à la tranche zéro dans la carte d'ID, sans " +"passer par l'algorithme murmurhash décrit ci-dessus." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:210 +msgid "ldap_idmap_default_domain (string)" +msgstr "ldap_idmap_default_domain (chaîne)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:213 +msgid "Specify the name of the default domain." +msgstr "Spécifier le nom de domaine par défaut." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:221 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "ldap_idmap_autorid_compat (boolean)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:224 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" +"Modifie le comportement de l'algorithme de mise en correspondance des ID " +"afin qu'il se comporte de manière identique à celui <quote>idmap_autorid</" +"quote> de winbind." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:229 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monatomically with each additional domain." +msgstr "" +"Lorsque cette option est configurée, les domaines seront alloués en " +"commençant par la tranche zéro et augmentant de manière monotone pour chaque " +"domaine supplémentaire." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:234 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" +"Remarque : Cet algorithme n'est pas déterministe (il dépend de l'ordre dans " +"lequel utilisateurs et groupes sont invités). Si ce mode est nécessaire pour " +"assurer la compatibilité avec les ordinateurs qui utilisent winbind, il est " +"recommandé d'utiliser également l'option " +"<quote>ldap_idmap_default_domain_sid</quote> pour garantir qu'au moins un " +"domaine est systématiquement alloué à la tranche zéro." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:249 +#, fuzzy +#| msgid "ldap_idmap_range_size (integer)" +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "ldap_idmap_range_size (integer)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:252 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:256 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:273 +msgid "Well-Known SIDs" +msgstr "SID bien connus" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:275 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:284 +msgid "Null Authority" +msgstr "Null Authority" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:285 +msgid "World Authority" +msgstr "World Authority" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:286 +msgid "Local Authority" +msgstr "Local Authority" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:287 +msgid "Creator Authority" +msgstr "Creator Authority" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:288 +msgid "NT Authority" +msgstr "NT Authority" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:289 +msgid "Built-in" +msgstr "Built-in" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:291 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:295 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT " +"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain " +"names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "<option>-?</option>,<option>--help</option>" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "Affiche l'aide et quitte." + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "<option>-h</option>,<option>--help</option>" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 +msgid "Currently supported debug levels:" +msgstr "Niveaux de débogage actuellement pris en charge :" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis> : défaillances fatales. " +"Tout ce qui empêcherait SSSD de démarrer ou provoquerait son arrêt." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill the SSSD, but one that indicates that at least one " +"major feature is not going to work properly." +msgstr "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis> : échecs critiques. Une " +"erreur qui ne tue pas SSSD, mais qui indique qu'au moins une caractéristique " +"majeure ne pourra pas fonctionner correctement." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis> : défaillances graves. " +"Une erreur qui annonce qu'une requête particulière ou une opération a échoué." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis> : erreurs mineures. Ce " +"sont les erreurs qui seraient susceptibles d'empirer pour provoquer l'erreur " +"en 2." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis> : paramètres de " +"configuration." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" +"<emphasis>5</emphasis>, <emphasis>0x0200</emphasis> : données de " +"fonctionnement." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis> : traçage des fonctions " +"opérationnelles." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis> : traçage des fonctions " +"de contrôles internes." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis> : contenu des variables " +"internes de fonctions pouvent être intéressantes." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis> : informations de " +"traçage de bas niveau." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:85 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" +"<emphasis>Exemple</emphasis> : pour suivre erreurs fatales, critiques, " +"graves et les données de fonction, utiliser 0x0270." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:89 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" +"<emphasis>Exemple</emphasis> : pour consigner les erreurs fatales, les " +"paramètres de configuration, les données de fonction, les messages de trace " +"pour les fonctions de contrôle interne, utiliser 0x1310." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:94 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" +"<emphasis>Note</emphasis> : le format des niveaux de débogage a été " +"introduit dans la version 1.7.0." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:98 +msgid "<emphasis>Default</emphasis>: 0" +msgstr "<emphasis>Par défaut</emphasis> : 0" + +#. type: Content of: outside any tag (error?) +#: include/experimental.xml:1 +msgid "" +"<emphasis> This is an experimental feature, please use http://fedorahosted." +"org/sssd to report any issues. </emphasis>" +msgstr "" +"<emphasis>Il s'agit d'une fonctionnalité expérimentale, utiliser http://" +"fedorahosted.org/sssd pour signaler les problèmes.</emphasis>" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "LE DOMAINE LOCAL" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" +"Pour fonctionner correctement, un domaine avec <quote>id_provider = local</" +"quote> doit être créé et SSSD doit s'exécuter." + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" +"L'administrateur peut vouloir utiliser les utilisateurs locaux SSSD au lieu " +"des utilisateurs UNIX traditionnels dans les cas où l'imbrication de groupes " +"(cf. <citerefentry><refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry>) est nécessaire. Les utilisateurs locaux sont " +"également utiles pour les tests et le développement de SSSD sans avoir à " +"déployer un serveur distant complet. Les outils <command>sss_user *</" +"command> et <command>sss_group *</command> utilisent alors un stockage local " +"de type LDB pour les utilisateurs et les groupes." + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " +"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " +"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" +"Un DN de base facultatif, une étendue de recherche et un filtre LDAP afin de " +"restreindre les recherches LDAP pour ce type d'attribut." + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "syntaxe : <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" +"La portée peut être l'une des « base », « onelevel » ou « subtree ». Les " +"fonctions de portée sont spécifiées dans la section 4.5.1.2 de http://tools." +"ietf.org/html/rfc4511" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" +"Pour obtenir des exemples de cette syntaxe, reportez-vous à la section " +"d'exemples <quote>ldap_search_base</quote>." + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" +"Noter que la spécification de portée ou de filtre n'est pas prise en charge " +"pour les recherches sur un serveur Active Directory qui serait susceptible " +"de produire un grand nombre de résultats et de déclencher l'extension Range " +"Retrieval dans sa réponse." + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" +"Veuillez noter que l'automounter ne lit que la carte maîtresse au démarrage. " +"Ainsi, si des modifications liées à autofs sont apportées à sssd.conf, vous " +"devrez généralement redémarrer le démon automounter après le redémarrage de " +"SSSD" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "override_homedir (chaîne)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "numéro d'UID" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "nom de domaine" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "%f" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "nom d'utilisateur pleinement qualifié (utilisateur@domaine)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" +"UPN - Nom de principal d'utilisateur (User principal name, nom@ROYAUME)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:31 +msgid "%o" +msgstr "%o" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:33 +msgid "The original home directory retrieved from the identity provider." +msgstr "" +"Le répertoire utilisateur original provenant du fournisseur d'identité." + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:38 +msgid "%H" +msgstr "%H" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:40 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" +"La valeur de l'option de configuration <emphasis>homedir_substring</" +"emphasis>." + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Réécrit le répertoire personnel de l'utilisateur. Il est possible de fournir " +"une valeur absolue ou un patron. Dans le cas d'un patron, les séquences " +"suivantes sont substituées :<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:52 +msgid "This option can also be set per-domain." +msgstr "Cette option peut aussi être définie pour chaque domaine." + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:57 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" +"override_homedir = /home/%u\n" +" " + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:61 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "Par défaut : Indéfini (SSSD utilisera la valeur récupérée de LDAP)" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "homedir_substring (chaîne)" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "Par défaut : /home" + +#~ msgid "" +#~ "Please note that the default values correspond to the default schema " +#~ "which is RFC2307." +#~ msgstr "" +#~ "Veuillez noter que les valeurs par défaut correspondent au schéma par " +#~ "défaut qui est RFC2307." + +#~ msgid "Default: ou" +#~ msgstr "Par défaut : ou" --- sssd-1.13.4.orig/src/man/po/ja.po +++ sssd-1.13.4/src/man/po/ja.po @@ -0,0 +1,12449 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# Tadashi Jokagi <elf@poyo.jp>, 2012 +# Tomoyuki KATO <tomo@dream.daynight.jp>, 2012-2013 +# carrotsoft <www.carrotsoft@gmail.com>, 2012 +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 1.12.90\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2016-04-13 16:30+0200\n" +"PO-Revision-Date: 2014-06-04 02:04-0400\n" +"Last-Translator: jhrozek <jhrozek@redhat.com>\n" +"Language-Team: Japanese (http://www.transifex.com/projects/p/sssd/language/" +"ja/)\n" +"Language: ja\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: Zanata 3.8.3\n" + +#. type: Content of: <reference><title> +#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 +#: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 +#: sss_override.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5 +#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 +#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5 +#: sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 +msgid "SSSD Manual pages" +msgstr "SSSD マニュアル ページ" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 +msgid "sss_groupmod" +msgstr "sss_groupmod" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11 +#: sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupmod.8.xml:16 +msgid "modify a group" +msgstr "グループを変更します。" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupmod.8.xml:21 +msgid "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 +#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 +#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 +#: sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 +#: sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 +#: sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21 +#: sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31 +msgid "DESCRIPTION" +msgstr "概要" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupmod.8.xml:32 +msgid "" +"<command>sss_groupmod</command> modifies the group to reflect the changes " +"that are specified on the command line." +msgstr "" +"<command>sss_groupmod</command> はコマンドラインにおいて指定された変更を反映" +"するようグループを変更します。" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 +#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 +#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 +#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "オプション" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 +msgid "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:48 +msgid "" +"Append this group to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" +"このグループを <replaceable>GROUPS</replaceable> パラメーターにより指定された" +"グループに追加します。 <replaceable>GROUPS</replaceable> パラメーターはグルー" +"プ名のカンマ区切り一覧です。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 +msgid "" +"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" +"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:62 +msgid "" +"Remove this group from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" +"このグループを <replaceable>GROUPS</replaceable> パラメーターにより指定された" +"グループから削除します。" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:10 sssd.conf.5.xml:16 +msgid "sssd.conf" +msgstr "sssd.conf" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 +#: sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 +#: sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +msgid "File Formats and Conventions" +msgstr "ファイル形式および変換" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:17 +msgid "the configuration file for SSSD" +msgstr "SSSD の設定ファイル" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:21 +msgid "FILE FORMAT" +msgstr "ファイルフォーマット" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:29 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:24 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"ファイルは ini 形式の構文を持ち、セクションとパラメーターから構成されます。セ" +"クションは角括弧にあるセクション名から始まり、次のセクションが始まるまで続き" +"ます。 1 つセクションと複数の値を持つパラメーターの例: <placeholder type=" +"\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:36 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" +"使用されるデータ形式は、文字列(引用符は不要)、整数および論理値" +"(<quote>TRUE/FALSE</quote> の値)です。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:41 +msgid "" +"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:47 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" +"すべてのセクションはオプションの <replaceable>description</replaceable> パラ" +"メーターを持てます。その機能はセクションのラベルとしてのみです。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:53 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" +"<filename>sssd.conf</filename> は、root により所有され、root のみが読み書きで" +"きる、通常のファイルである必要があります。" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:59 +msgid "GENERAL OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:61 +msgid "Following options are usable in more than one configuration sections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:65 +msgid "Options usable in all sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:69 +msgid "debug_level (integer)" +msgstr "debug_level (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:73 +msgid "debug_timestamps (bool)" +msgstr "debug_timestamps (論理値)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:76 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:81 sssd.conf.5.xml:634 sssd.conf.5.xml:1139 +#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464 +#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272 +#: sssd-ad.5.xml:799 sssd-ad.5.xml:918 sssd-krb5.5.xml:499 +msgid "Default: true" +msgstr "初期値: true" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:86 +msgid "debug_microseconds (bool)" +msgstr "debug_microseconds (論理値)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:89 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:94 sssd.conf.5.xml:1093 sssd.conf.5.xml:2231 +#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558 +#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139 +#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266 +#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 +msgid "Default: false" +msgstr "初期値: false" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2189 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:103 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:107 +msgid "timeout (integer)" +msgstr "timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:110 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:115 sssd.conf.5.xml:1057 sssd-ldap.5.xml:1410 +#: include/ldap_id_mapping.xml:264 +msgid "Default: 10" +msgstr "初期値: 10" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:125 +msgid "SPECIAL SECTIONS" +msgstr "特別セクション" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:128 +msgid "The [sssd] section" +msgstr "[sssd] セクション" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:137 sssd.conf.5.xml:2339 +msgid "Section parameters" +msgstr "セクションのパラメーター" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:139 +msgid "config_file_version (integer)" +msgstr "config_file_version (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:142 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" +"設定ファイルの構文が何であるカを指示します。SSSD 0.6.0 およびそれ以降はバー" +"ジョン 2 を使用します。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:148 +msgid "services" +msgstr "services" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:151 +msgid "" +"Comma separated list of services that are started when sssd itself starts." +msgstr "sssd 自身が開始するときに開始されるサービスのカンマ区切り一覧です。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:155 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" +"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" +"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:165 sssd.conf.5.xml:419 +msgid "reconnection_retries (integer)" +msgstr "reconnection_retries (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:168 sssd.conf.5.xml:422 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" +"データプロバイダーがクラッシュまたは再起動した場合、サービスが再接続をあきら" +"める前に試行する回数です。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:173 sssd.conf.5.xml:427 +msgid "Default: 3" +msgstr "初期値: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:178 +msgid "domains" +msgstr "domains" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:181 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter described the list of domains in the order you want " +"them to be queried. A domain name should only consist of alphanumeric ASCII " +"characters, dashes, dots and underscores." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:193 sssd.conf.5.xml:2014 +msgid "re_expression (string)" +msgstr "re_expression (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:201 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN " +"SECTIONS for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:210 sssd.conf.5.xml:2065 +msgid "full_name_format (string)" +msgstr "full_name_format (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:213 sssd.conf.5.xml:2068 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" +"ユーザー名とドメイン名のコンポーネントから完全修飾名を表現する方法を表す " +"<citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> 互換形式。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:224 sssd.conf.5.xml:2079 +msgid "%1$s" +msgstr "%1$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:225 sssd.conf.5.xml:2080 +msgid "user name" +msgstr "ユーザー名" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:228 sssd.conf.5.xml:2083 +msgid "%2$s" +msgstr "%2$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:231 sssd.conf.5.xml:2086 +msgid "domain name as specified in the SSSD config file." +msgstr "SSSD 設定ファイルにおいて指定されるドメイン名。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:237 sssd.conf.5.xml:2092 +msgid "%3$s" +msgstr "%3$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:240 sssd.conf.5.xml:2095 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:221 sssd.conf.5.xml:2076 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"以下の拡張モジュールがサポートされます: <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:250 +msgid "" +"Each domain can have an individual format string configured. see DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:256 +msgid "try_inotify (boolean)" +msgstr "try_inotify (論理値)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:259 +msgid "" +"SSSD monitors the state of resolv.conf to identify when it needs to update " +"its internal DNS resolver. By default, we will attempt to use inotify for " +"this, and will fall back to polling resolv.conf every five seconds if " +"inotify cannot be used." +msgstr "" +"SSSD は、内部 DNS リゾルバーを更新する必要となるときを認識するために、resolv." +"conf の状態を監視します。初期状態では、このために inotify を使用しようとしま" +"す。inotify が使用できない場合 5 秒ごとに resolv.conf をポーリングするよう" +"フォールバックします。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:267 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" +"inotify を使用することをスキップすることが望ましい、いくつかの制限された状況" +"があります。これらの珍しい場合では、このオプションが 'false' に設定されるべき" +"です" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:273 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" +"初期値: inotify がサポートされるプラットフォームにおいては真です。他のプラッ" +"トフォームにおいては偽です。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:277 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" +"注: このオプションは inotify が利用不可能なプラットフォームにおいて効果があり" +"ません。これらのプラットフォームにおいては、ポーリングが常に使用されます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:284 +msgid "krb5_rcache_dir (string)" +msgstr "krb5_rcache_dir (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:287 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" +"SSSD が Kerberos リプレイキャッシュファイルを保存するファイルシステムのディレ" +"クトリーです。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:291 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" +"このオプションは、libkrb5 がリプレイキャッシュに対する適切な場所を決められる" +"よう SSSD に指示する、特別な値 __LIBKRB5_DEFAULTS__ を受け付けます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:297 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" +"初期値: ディストリビューション固有かつ構築時に指定されます。 (設定されていな" +"ければ __LIBKRB5_DEFAULTS__ です)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:312 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:317 +msgid "default_domain_suffix (string)" +msgstr "default_domain_suffix (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:320 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:330 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498 +#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:609 +#: sssd-ad.5.xml:679 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550 +#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216 +msgid "Default: not set" +msgstr "初期値: 設定されません" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:344 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:347 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:356 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:364 +msgid "Default: not set (spaces will not be replaced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:369 +#, fuzzy +#| msgid "re_expression (string)" +msgid "certificate_verification (string)" +msgstr "re_expression (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:377 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:379 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:389 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +#, fuzzy +#| msgid "Default: not set, i.e. service discovery is disabled" +msgid "Default: not set, i.e. do not restrict certificate vertification" +msgstr "初期値: 設定されていません、つまりサービス検索が無効にされています" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:130 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" +"SSSD の機能の各部分は SSSD と一緒に開始および停止される特別な SSSD サービスに" +"より提供されます。特別なサービスにより管理されるサービスはよく<quote>モニター" +"</quote>と呼ばれます。<quote>[sssd]</quote> セクションは、モニターだけでな" +"く、識別ドメインのような他の重要なオプションを設定するために使用されます。 " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:404 +msgid "SERVICES SECTIONS" +msgstr "サービスセクション" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:406 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" +"異なるサービスを設定するために使用される設定がこのセクションに記述されます。" +"それらは [<replaceable>$NAME</replaceable>] セクションに置かれます。たとえ" +"ば、NSS サービスは <quote>[nss]</quote> セクションです" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:413 +msgid "General service configuration options" +msgstr "サービス設定の全体オプション" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:415 +msgid "These options can be used to configure any service." +msgstr "これらのオプションはすべてのサービスを設定するために使用できます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:432 +msgid "fd_limit" +msgstr "fd_limit" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:435 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:444 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:449 +msgid "client_idle_timeout" +msgstr "client_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:452 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system." +msgstr "" +"このオプションは、SSSD プロセスのクライアントがそれとコミュニケーションなしで" +"ファイル記述子に保持できる秒数を指定します。この値はシステムのリソース枯渇を" +"避けるために制限されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:459 sssd.conf.5.xml:475 sssd.conf.5.xml:507 +#: sssd.conf.5.xml:765 sssd.conf.5.xml:957 sssd.conf.5.xml:1347 +#: sssd-ldap.5.xml:1237 +msgid "Default: 60" +msgstr "初期値: 60" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:464 sssd.conf.5.xml:1336 +msgid "force_timeout (integer)" +msgstr "force_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:467 sssd.conf.5.xml:1339 +msgid "" +"If a service is not responding to ping checks (see the <quote>timeout</" +"quote> option), it is first sent the SIGTERM signal that instructs it to " +"quit gracefully. If the service does not terminate after " +"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " +"by sending a SIGKILL signal." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:480 +msgid "offline_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:483 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. This " +"value is in seconds and calculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:490 +msgid "offline_timeout + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "" +"The random offset can increment up to 30 seconds. After each unsuccessful " +"attempt to go online, the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:498 +msgid "new_interval = old_interval*2 + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"Note that the maximum length of each interval is currently limited to one " +"hour. If the calculated length of new_interval is greater than an hour, it " +"will be forced to one hour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:512 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:515 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:521 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:524 +msgid "ldap_purge_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:527 sssd-ldap.5.xml:1054 +msgid "ldap_use_tokengroups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "ldap_user_principal" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:535 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:533 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:539 sssd.conf.5.xml:1001 sssd.conf.5.xml:1026 +#: sssd.conf.5.xml:1045 sssd.conf.5.xml:1330 sssd-ldap.5.xml:1793 +msgid "Default: none" +msgstr "初期値: none" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:547 +msgid "NSS configuration options" +msgstr "NSS 設定オプション" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:549 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" +"これらのオプションは Name Service Switch (NSS) サービスを設定するために使用で" +"きます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "enum_cache_timeout (integer)" +msgstr "enum_cache_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:557 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" +"nss_sss が列挙をキャッシュする秒数です(すべてのユーザーに関する情報に対する" +"要求)。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:561 +msgid "Default: 120" +msgstr "初期値: 120" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:566 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "entry_cache_nowait_percentage (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:569 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" +"エントリーキャッシュは、ドメインに対して entry_cache_timeout の値を超えて要求" +"された場合に、バックグラウンドでエントリーを自動的に更新するよう設定できま" +"す。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:575 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" +"たとえば、ドメインの entry_cache_timeout が 30s に設定され、" +"entry_cache_nowait_percentage が 50 (%) に設定されていると、エントリーが 15 " +"秒経過後にきて、最新の更新キャッシュが直ちに返されます。しかし、SSSD が自身に" +"キャッシュされ、更新されます。そのため、その先の要求はキャッシュ更新を待つこ" +"とをブロックする必要がありません。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:585 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" +"このオプションに対して有効な値は 0-99 です。各ドメインに対する " +"entry_cache_timeout のパーセンテージを表します。性能上の理由から、このパーセ" +"ンテージは 10 秒よりも小さく nowait タイムアウトを減らすべきではありません。" +"(0 はこの機能を無効にします)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:593 +msgid "Default: 50" +msgstr "初期値: 50" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:598 +msgid "entry_negative_timeout (integer)" +msgstr "entry_negative_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:601 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"nss_sss が再びバックエンドに問い合わせる前にネガティブキャッシュヒット(つま" +"り、存在しないドメインのように、無効なデータベースエントリーに対する問い合わ" +"せ)をキャッシュする秒数を指定します。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:607 sssd.conf.5.xml:1117 +msgid "Default: 15" +msgstr "初期値: 15" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:612 +msgid "filter_users, filter_groups (string)" +msgstr "filter_users, filter_groups (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:615 +msgid "" +"Exclude certain users from being fetched from the sss NSS database. This is " +"particularly useful for system accounts. This option can also be set per-" +"domain or include fully-qualified names to filter only users from the " +"particular domain." +msgstr "" +"sss NSS データベースから取り出されたものから特定のユーザーを除外します。これ" +"はとくにシステムアカウントに対して有効です。このオプションはドメインごとに設" +"定できます。または特定のドメインからユーザーのみをフィルターするために完全修" +"飾名を含めることができます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:622 +msgid "Default: root" +msgstr "初期値: root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:627 +msgid "filter_users_in_groups (bool)" +msgstr "filter_users_in_groups (論理値)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:630 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" +"フィルターされたユーザーがまだグループメンバーのままにしたいならば、このオプ" +"ションを偽に設定します。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:641 +msgid "fallback_homedir (string)" +msgstr "fallback_homedir (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:644 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" +"ドメインのデータプロバイダーにより明示的に指定されていない場合に、ユーザーの" +"ホームディレクトリーの標準テンプレートを設定します。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:649 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" +"このオプションに対して利用可能なオプションは override_homedir に対するものと" +"同じです。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:655 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" +"fallback_homedir = /home/%u\n" +" " + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:653 sssd.conf.5.xml:1020 sssd.conf.5.xml:1039 +#: sssd-krb5.5.xml:533 include/override_homedir.xml:55 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "例: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:659 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "初期値: 設定なし (ホームディレクトリーの設定がない場合は代替なし)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:665 +msgid "override_shell (string)" +msgstr "override_shell (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:668 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:674 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "初期値: 設定なし (SSSD は LDAP から取得された値を使用します)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:680 +msgid "allowed_shells (string)" +msgstr "allowed_shells (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:683 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" +"ユーザーのシェルを一覧にある値のどれかに制限します。評価の順番は次のとおりで" +"す:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:686 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" +"1. シェルが <quote>/etc/shells</quote> に存在すると、それが使用されます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:690 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" +"2. シェルが allowed_shells 一覧にあるが、<quote>/etc/shells</quote> になけれ" +"ば、shell_fallback パラメーターの値を使用します。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:695 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" +"3. シェルが allowed_shells 一覧になく、<quote>/etc/shells</quote> にもなけれ" +"ば、nologin シェルが使用されます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:703 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:710 +msgid "An empty string for shell is passed as-is to libc." +msgstr "シェルの空文字列は libc にそのまま渡されます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:713 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" +"<quote>/etc/shells</quote> は SSSD が開始されるときにのみ読み込まれます。これ" +"は新しいシェルがインストールされた場合 SSSD の再起動が必要になることを意味し" +"ます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:717 +msgid "Default: Not set. The user shell is automatically used." +msgstr "初期値: 設定されません。ユーザーシェルが自動的に使用されます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:722 +msgid "vetoed_shells (string)" +msgstr "vetoed_shells (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:725 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "これらのシェルのインスタンスをすべて shell_fallback に置き換えます" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:730 +msgid "shell_fallback (string)" +msgstr "shell_fallback (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:733 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" +"許可されたシェルがマシンにインストールされていない場合に使用する標準シェルで" +"す。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "Default: /bin/sh" +msgstr "初期値: /bin/sh" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +msgid "default_shell" +msgstr "default_shell" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:745 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:751 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:758 sssd.conf.5.xml:950 +msgid "get_domains_timeout (int)" +msgstr "get_domains_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:761 sssd.conf.5.xml:953 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:770 +msgid "memcache_timeout (int)" +msgstr "memcache_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:773 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:777 sssd-ldap.5.xml:706 +msgid "Default: 300" +msgstr "初期値: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:780 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:788 sssd-ifp.5.xml:74 +msgid "user_attributes (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:791 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:804 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:816 +msgid "PAM configuration options" +msgstr "PAM 設定オプション" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:818 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" +"これらのオプションは Pluggable Authentication Module (PAM) サービスを設定する" +"ために使用できます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:823 +msgid "offline_credentials_expiration (integer)" +msgstr "offline_credentials_expiration (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" +"認証プロバイダーがオフラインの場合に、キャッシュログインを許可する時間(オン" +"ラインログインの最終成功からの日数)です。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:831 sssd.conf.5.xml:844 +msgid "Default: 0 (No limit)" +msgstr "初期値: 0 (無制限)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:837 +msgid "offline_failed_login_attempts (integer)" +msgstr "offline_failed_login_attempts (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:840 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" +"認証プロバイダーがオフラインの場合、ログイン試行の失敗が許容される回数です。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:850 +msgid "offline_failed_login_delay (integer)" +msgstr "offline_failed_login_delay (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:853 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" +"新しいログイン試行が可能になる前に offline_failed_login_attempts に達した後に" +"渡される分単位の時間です。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" +"0 に設定されていると、offline_failed_login_attempts に達した場合、ユーザーが" +"オフライン認証できません。オンライン認証に成功すると、再びオフライン認証を有" +"効にできます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:864 sssd.conf.5.xml:917 +msgid "Default: 5" +msgstr "初期値: 5" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:870 +msgid "pam_verbosity (integer)" +msgstr "pam_verbosity (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:873 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" +"認証中にユーザーに表示されるメッセージの種類を制御します。数字が大きければ大" +"きいほどメッセージが表示されます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "Currently sssd supports the following values:" +msgstr "現在 sssd は以下の値をサポートします:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:881 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "<emphasis>0</emphasis>: 何もメッセージを表示しない" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "<emphasis>1</emphasis>: 重要なメッセージのみを表示する" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:888 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "<emphasis>2</emphasis>: 情報レベルのメッセージを表示する" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:891 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "<emphasis>3</emphasis>: すべてのメッセージとデバッグ情報を表示する" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:895 sssd.8.xml:63 +msgid "Default: 1" +msgstr "初期値: 1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:900 +msgid "pam_id_timeout (integer)" +msgstr "pam_id_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:903 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" +"SSSD がオンラインの間はすべての PAM 要求に対して、ユーザーが最新の情報で認証" +"されるよう、SSSD は直ちにキャッシュされた識別情報を更新しようとします。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" +"完全な PAM のやりとりは、アカウント管理やセッション開始のように、複数の PAM " +"要求を実行できます。このオプションは、識別プロバイダーに対する過剰なラウンド" +"トリップを避けるために識別情報をキャッシュできる時間(秒数)を(クライアント" +"アプリケーションごとに)制御します。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:923 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "pam_pwd_expiration_warning (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:926 sssd.conf.5.xml:1550 +msgid "Display a warning N days before the password expires." +msgstr "パスワードの期限が切れる前に N 日間警告を表示します。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:929 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" +"バックエンドのサーバーがパスワードの有効期間に関する情報を提供する必要がある" +"ことに注意してください。この情報がなければ、sssd は警告を表示します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:935 sssd.conf.5.xml:1553 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:940 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 sssd.conf.5.xml:2291 sssd.8.xml:79 +msgid "Default: 0" +msgstr "初期値: 0" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:962 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:965 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAM responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:971 +msgid "Default: all (All users are allowed to access the PAM responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:975 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:982 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:985 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:989 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:993 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:997 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1006 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1009 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbostiy is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1022 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1031 +#, fuzzy +#| msgid "ldap_ns_account_lock (string)" +msgid "pam_account_locked_message (string)" +msgstr "ldap_ns_account_lock (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1041 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1050 +#, fuzzy +#| msgid "pam_id_timeout (integer)" +msgid "p11_child_timeout (integer)" +msgstr "pam_id_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1053 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1066 +msgid "SUDO configuration options" +msgstr "SUDO 設定オプション" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1068 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1085 +msgid "sudo_timed (bool)" +msgstr "sudo_timed (論理値)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1088 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" +"時間依存の sudoers エントリーを実装する sudoNotBefore と sudoNotAfter の属性" +"を評価するかしないかです。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1101 +msgid "AUTOFS configuration options" +msgstr "Autofs 設定オプション" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1103 +msgid "These options can be used to configure the autofs service." +msgstr "これらのオプションが autofs サービスを設定するために使用されます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1107 +msgid "autofs_negative_timeout (integer)" +msgstr "autofs_negative_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"autofs レスポンダーのネガティブキャッシュ(つまり、存在しないもののように、無" +"効なマップエントリーに対する問い合わせ)が再びバックエンドに問い合わせる前に" +"ヒットする秒数を指定します。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1126 +msgid "SSH configuration options" +msgstr "SSH 設定オプション" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1128 +msgid "These options can be used to configure the SSH service." +msgstr "これらのオプションは SSH サービスを設定するために使用されます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1132 +msgid "ssh_hash_known_hosts (bool)" +msgstr "ssh_hash_known_hosts (論理値)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1135 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1144 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "ssh_known_hosts_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1147 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1151 +msgid "Default: 180" +msgstr "初期値: 180" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1156 +#, fuzzy +#| msgid "mail_dir (string)" +msgid "ca_db (string)" +msgstr "mail_dir (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1159 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1164 +#, fuzzy +#| msgid "Default: /etc/krb5.keytab" +msgid "Default: /etc/pki/nssdb" +msgstr "初期値: /etc/krb5.keytab" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1172 +msgid "PAC responder configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1174 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. " +"If the PAC is decoded and evaluated some of the following operations are " +"done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1183 +msgid "" +"If the remote user does not exist in the cache, it is created. The uid is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"gid will have the same value as the uid. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1191 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1197 +msgid "These options can be used to configure the PAC responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1201 sssd-ifp.5.xml:50 +msgid "allowed_uids (string)" +msgstr "allowed_uids (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1204 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1210 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1214 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:1228 +msgid "DOMAIN SECTIONS" +msgstr "ドメインセクション" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1235 +msgid "min_id,max_id (integer)" +msgstr "min_id,max_id (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1238 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" +"ドメインに対する UID と GID の制限です。ドメインがこれらの制限の外にあるエン" +"トリーを含む場合、それは無視されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" +"ユーザーに対して、これはプライマリー GID 制限に影響します。 UID またはプライ" +"マリー GID が範囲外ならば、ユーザーは NSS に返されません。非プライマリーメン" +"バーに対して、範囲内にあるものは予期されたものとして報告されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1250 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1254 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "初期値: min_id は 1, max_id は 0 (無制限)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1260 +msgid "enumerate (bool)" +msgstr "enumerate (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1263 +msgid "" +"Determines if a domain can be enumerated. This parameter can have one of the " +"following values:" +msgstr "" +"ドメインが列挙できるかを決定します。このパラメーターは以下の値のどれかである" +"必要があります:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1267 +msgid "TRUE = Users and groups are enumerated" +msgstr "TRUE = ユーザーとグループが列挙されます" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1270 +msgid "FALSE = No enumerations for this domain" +msgstr "FALSE = このドメインに対して列挙しません" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1273 sssd.conf.5.xml:1505 sssd.conf.5.xml:1672 +msgid "Default: FALSE" +msgstr "初期値: FALSE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1276 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1289 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" +"最初の列挙が実行中の間、完全なユーザーまたはグループの一覧に対する要求は、そ" +"れが完了するまで結果を返しません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1294 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" +"さらに、列挙を有効にすることにより、挙の検索が確実に正しく完了するよりも長く" +"する必要があるので、ネットワーク切断を検知するために必要な時間が増える可能性" +"があります。詳細は使用している具体的な id_provider のマニュアルページを参照し" +"てください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1302 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1310 +msgid "subdomain_enumerate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1317 +msgid "all" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1318 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1321 +msgid "none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1322 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1313 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1353 +msgid "entry_cache_timeout (integer)" +msgstr "entry_cache_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1356 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" +"nss_sss が再びバックエンドに問い合わせる前にエントリーを有効であると考える秒" +"数です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1360 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1373 +msgid "Default: 5400" +msgstr "初期値: 5400" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1379 +msgid "entry_cache_user_timeout (integer)" +msgstr "entry_cache_user_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1382 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" +"nss_sss が再びバックエンドに問い合わせる前にユーザーエントリーを有効であると" +"考える秒数です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1386 sssd.conf.5.xml:1399 sssd.conf.5.xml:1412 +#: sssd.conf.5.xml:1425 sssd.conf.5.xml:1438 sssd.conf.5.xml:1452 +#: sssd.conf.5.xml:1466 +msgid "Default: entry_cache_timeout" +msgstr "初期値: entry_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1392 +msgid "entry_cache_group_timeout (integer)" +msgstr "entry_cache_group_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1395 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" +"nss_sss が再びバックエンドに問い合わせる前にグループエントリーを有効であると" +"考える秒数です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1405 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "entry_cache_netgroup_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1408 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" +"nss_sss が再びバックエンドに問い合わせる前にネットワークグループエントリーを" +"有効であると考える秒数です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1418 +msgid "entry_cache_service_timeout (integer)" +msgstr "entry_cache_service_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1421 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" +"nss_sss が再びバックエンドに問い合わせる前にサービスエントリーを有効であると" +"考える秒数です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1431 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "entry_cache_sudo_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1444 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "entry_cache_autofs_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1447 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1458 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1472 +msgid "refresh_expired_interval (integer)" +msgstr "refresh_expired_interval (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1475 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1480 +msgid "" +"The background refresh will process users, groups and netgroups in the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1484 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1488 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227 +msgid "Default: 0 (disabled)" +msgstr "初期値: 0 (無効)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1494 +msgid "cache_credentials (bool)" +msgstr "cache_credentials (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1497 +msgid "Determines if user credentials are also cached in the local LDB cache" +msgstr "" +"ユーザーのクレディンシャルがローカル LDB キャッシュにキャッシュされるかどうか" +"を決めます" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1501 +msgid "User credentials are stored in a SHA512 hash, not in plaintext" +msgstr "" +"ユーザーのクレディンシャルが、平文ではなく SHA512 ハッシュで保存されます" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1511 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1514 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1521 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1526 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1532 +msgid "account_cache_expiration (integer)" +msgstr "account_cache_expiration (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1535 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" +"正常にログイン後、キャッシュのクリーンアップ中にエントリーが削除される前の日" +"数です。 0 は永久に保持することを意味します。このパラメーターの値は " +"offline_credentials_expiration と同等以上でなければいけません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1542 +msgid "Default: 0 (unlimited)" +msgstr "初期値: 0 (無制限)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1547 +msgid "pwd_expiration_warning (integer)" +msgstr "pwd_expiration_warning (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1558 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1565 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "初期値: 7 (Kerberos), 0 (LDAP)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1571 +msgid "id_provider (string)" +msgstr "id_provider (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1574 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" +"ドメインに対して使用される識別子プロバイダーです。サポートされる ID プロバイ" +"ダーは次のとおりです:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1578 +msgid "<quote>proxy</quote>: Support a legacy NSS provider" +msgstr "<quote>proxy</quote>: レガシーな NSS プロバイダーのサポート" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1581 sssd.conf.5.xml:1718 +msgid "<quote>local</quote>: SSSD internal provider for local users" +msgstr "<quote>local</quote>: ローカルユーザー向け SSSD 内部プロバイダー" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1585 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" +"<quote>ldap</quote>: LDAP プロバイダー。LDAP の設定に関する詳細は " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> を参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1593 sssd.conf.5.xml:1698 sssd.conf.5.xml:1753 +#: sssd.conf.5.xml:1806 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"FreeIPA." +msgstr "" +"<quote>ipa</quote>: FreeIPA および Red Hat Enterprise Identity Management プ" +"ロバイダー。FreeIPA の設定に関する詳細は <citerefentry> <refentrytitle>sssd-" +"ipa</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してくださ" +"い。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 sssd.conf.5.xml:1707 sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1815 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" +"<quote>ad</quote>: Active Directory プロバイダー。Active Directory の設定に関" +"する詳細は <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> を参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "use_fully_qualified_names (bool)" +msgstr "use_fully_qualified_names (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" +"NSS に報告するユーザーのログイン名としてフルネームとドメイン (ドメインの完全" +"名形式により整形されたように) を使用します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1621 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" +"TRUE に設定されていると、このドメインへのすべての要求は完全修飾名を使用する必" +"要があります。たとえば、 \"test\" ユーザーを含む LOCAL ドメインにおいて使用さ" +"れていると、<command>getent passwd test</command> はユーザーを見つけられませ" +"んが、<command>getent passwd test@LOCAL</command> は見つけられます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1629 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1636 +msgid "Default: FALSE (TRUE if default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1642 +msgid "ignore_group_members (bool)" +msgstr "ignore_group_members (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "Do not return group members for group lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1648 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1666 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1677 +msgid "auth_provider (string)" +msgstr "auth_provider (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1680 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" +"ドメインに対して使用される認証プロバイダーです。サポートされる認証プロバイ" +"ダーは次のとおりです:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 sssd.conf.5.xml:1746 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> は本来の LDAP 認証向けです。LDAP の設定に関する詳細は " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> を参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1691 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> は Kerberos 認証向けです。Kerberos の設定に関する詳細は " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> を参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1715 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" +"<quote>proxy</quote> はいくつかの他の PAM ターゲットに認証を中継します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1722 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "<quote>none</quote> は明示的に認証を無効化します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1725 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" +"初期値: <quote>id_provider</quote> が設定され、認証要求を取り扱うことができる" +"ならば、それが使用されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1731 +msgid "access_provider (string)" +msgstr "access_provider (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1734 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" +"ドメインに対して使用されるアクセス制御プロバイダーです。 2 つの組み込みアクセ" +"スプロバイダーがあります(インストールされたバックエンドに含まれるすべてを加" +"えます)。内部の特別プロバイダーは次のとおりです:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1740 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" +"<quote>permit</quote> は常にアクセスを許可します。ローカルドメインに対するプ" +"ロバイダーのみアクセスが許可されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1743 +msgid "<quote>deny</quote> always deny access." +msgstr "<quote>deny</quote> は常にアクセスを拒否します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1770 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" +"<quote>simple</quote> アクセス制御はアクセスまたは拒否の一覧に基づきます。" +"simple アクセスモジュールの設定に関する詳細は <citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> を参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1777 +msgid "Default: <quote>permit</quote>" +msgstr "初期値: <quote>permit</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1782 +msgid "chpass_provider (string)" +msgstr "chpass_provider (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1785 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" +"ドメインに対するパスワード変更操作を取り扱うプロバイダーです。サポートされる" +"パスワード変更プロバイダーは次のとおりです:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1790 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> は LDAP サーバーに保存されているパスワードを変更します。 " +"LDAP の設定に関する詳細は <citerefentry> <refentrytitle>sssd-ldap</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1798 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> は Kerberos のパスワードを変更します。 Kerberos の設定に" +"関する詳細は <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> を参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1823 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" +"<quote>proxy</quote> はいくつかの他の PAM ターゲットにパスワードの変更を中継" +"します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1827 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "<quote>none</quote> は明示的にパスワードの変更を無効化します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1830 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" +"初期値: <quote>auth_provider</quote> が設定され、パスワードの変更要求を取り扱" +"うことができるならば、それが使用されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1837 +msgid "sudo_provider (string)" +msgstr "sudo_provider (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1840 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" +"ドメインに使用される SUDO プロバイダーです。サポートされる SUDO プロバイダー" +"は次のとおりです:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1844 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> は LDAP に保存されているルールのためです。LDAP の設定に関" +"する詳細は <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> を参照します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1852 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1856 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1860 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "<quote>none</quote> は SUDO を明示的に無効化します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1863 sssd.conf.5.xml:1941 sssd.conf.5.xml:1982 +#: sssd.conf.5.xml:2007 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" +"初期値: <quote>id_provider</quote> の値が設定されていると使用されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1867 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1884 +msgid "selinux_provider (string)" +msgstr "selinux_provider (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1887 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1893 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1901 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1904 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1910 +msgid "subdomains_provider (string)" +msgstr "subdomains_provider (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1913 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1919 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1928 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1937 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "<quote>none</quote> はサブドメインの取り出しを明示的に無効化します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1948 +msgid "autofs_provider (string)" +msgstr "autofs_provider (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1951 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" +"ドメインに対して使用される autofs プロバイダーです。 サポートされる autofs " +"プロバイダーは次のとおりです:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1955 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> は LDAP に保存されているマップを読み込みます。LDAP の設定" +"に関する詳細は <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> を参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> は IPA サーバーに保存されているマップを読み込みます。IPA " +"の設定に関する詳細は <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> を参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1970 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote> to load maps stored in an IPA server. See " +#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> for more information on configuring IPA." +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" +"<quote>ipa</quote> は IPA サーバーに保存されているマップを読み込みます。IPA " +"の設定に関する詳細は <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> を参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1979 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "<quote>none</quote> は明示的に autofs を無効にします。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1989 +msgid "hostid_provider (string)" +msgstr "hostid_provider (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1992 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" +"ホスト識別情報を取得するために使用されるプロバイダーです。 サポートされる " +"hostid プロバイダーは次のとおりです:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1996 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> は IPA サーバーに保存されているホスト識別子を読み込みま" +"す。IPA の設定に関する詳細は <citerefentry> <refentrytitle>sssd-ipa</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2004 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "<quote>none</quote> は明示的に hostid を無効にします。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2017 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +"P<name>[^@\\\\]+)$))</quote> which allows three different styles for " +"user names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2031 +msgid "username" +msgstr "username" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2034 +msgid "username@domain.name" +msgstr "username@domain.name" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "domain\\username" +msgstr "domain\\username" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2045 +msgid "" +"Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +"which translates to \"the name is everything up to the <quote>@</quote> " +"sign, the domain everything after that\"" +msgstr "" +"初期値: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> で" +"す。\"the name is everything up to the <quote>@</quote> sign, the domain " +"everything after that\" に解釈されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2051 +msgid "" +"PLEASE NOTE: the support for non-unique named subpatterns is not available " +"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " +"version 7 or higher can support non-unique named subpatterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2058 +msgid "" +"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" +"P<name>) to label subpatterns." +msgstr "" +"関連注記: 古いバージョンの libpcre はサブパターンをラベル付けするために " +"Python 構文 (?P<name>) のみをサポートします。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2105 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "初期値: <quote>%1$s@%2$s</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2111 +msgid "lookup_family_order (string)" +msgstr "lookup_family_order (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2114 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" +"DNS 検索を実行するときに使用する、優先アドレスファミリーを選択する機能を提供" +"します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2118 +msgid "Supported values:" +msgstr "サポートする値:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2121 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" +"ipv4_first: IPv4 アドレスの検索を試行します。失敗すると IPv6 を試行します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2124 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" +"ipv4_only: ホスト名を IPv4 アドレスに名前解決することのみを試行します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2127 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" +"ipv6_first: IPv6 アドレスの検索を試行します。失敗すると IPv4 を試行します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2130 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" +"ipv6_only: ホスト名を IPv6 アドレスに名前解決することのみを試行します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2133 +msgid "Default: ipv4_first" +msgstr "初期値: ipv4_first" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2139 +msgid "dns_resolver_timeout (integer)" +msgstr "dns_resolver_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2142 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the DNS " +"resolver before assuming that it is unreachable. If this timeout is reached, " +"the domain will continue to operate in offline mode." +msgstr "" +"DNS リゾルバーが到達不可能であると仮定するまでに、そこからの応答を待つ時間" +"(秒単位)を定義します。このタイムアウトに達すると、ドメインはオフラインモー" +"ドにて操作を継続します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2148 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263 +#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248 +msgid "Default: 6" +msgstr "初期値: 6" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2154 +msgid "dns_discovery_domain (string)" +msgstr "dns_discovery_domain (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2157 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" +"サービス検索がバックエンドで使用されていると、サービス検索 DNS クエリーのドメ" +"イン部分を指定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2161 +msgid "Default: Use the domain part of machine's hostname" +msgstr "初期値: マシンのホスト名のドメイン部分を使用します" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2167 +msgid "override_gid (integer)" +msgstr "override_gid (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2170 +msgid "Override the primary GID value with the one specified." +msgstr "プライマリー GID の値を指定されたもので上書きします。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2176 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2184 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2187 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2193 +msgid "False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2195 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2199 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2202 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2179 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2214 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2220 +msgid "proxy_fast_alias (boolean)" +msgstr "proxy_fast_alias (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2223 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2237 +msgid "subdomain_homedir (string)" +msgstr "subdomain_homedir (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2248 +msgid "%F" +msgstr "%F" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2249 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "サブドメインのフラット (NetBIOS) 名。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2240 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2254 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" +"値は <emphasis>override_homedir</emphasis> オプションにより上書きできます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2258 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "初期値: <filename>/home/%d/%u</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2263 +msgid "realmd_tags (string)" +msgstr "realmd_tags (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2266 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2272 +#, fuzzy +#| msgid "memcache_timeout (int)" +msgid "cached_auth_timeout (int)" +msgstr "memcache_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2275 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2281 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2285 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1230 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"これらの設定オプションはドメイン設定のセクション、つまり <quote>[domain/" +"<replaceable>NAME</replaceable>]</quote> に存在します <placeholder type=" +"\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2303 +msgid "proxy_pam_target (string)" +msgstr "proxy_pam_target (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2306 +msgid "The proxy target PAM proxies to." +msgstr "中継するプロキシターゲット PAM です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2309 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here." +msgstr "" +"初期値: 設定されません。既存の PAM 設定を使用するか、新しく作成してサービス名" +"をここに追加する必要があります。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2317 +msgid "proxy_lib_name (string)" +msgstr "proxy_lib_name (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2320 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" +"プロキシードメインにおいて使用する NSS ライブラリーの名前です。ライブラリーに" +"おいて検索する NSS 関数は _nss_$(libName)_$(function) の形式です。たとえば " +"_nss_files_getpwent です。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2299 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" id=" +"\"0\"/>" +msgstr "" +"プロキシドメインに対して有効なオプションです。 <placeholder type=" +"\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2332 +msgid "The local domain section" +msgstr "ローカルドメインのセクション" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2334 +msgid "" +"This section contains settings for domain that stores users and groups in " +"SSSD native database, that is, a domain that uses " +"<replaceable>id_provider=local</replaceable>." +msgstr "" +"このセクションは、ユーザーとグループを SSSD ネイティブデータベースに保存する" +"ドメイン、つまり、 <replaceable>id_provider=local</replaceable> を使用するド" +"メインに対する設定を含みます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2341 +msgid "default_shell (string)" +msgstr "default_shell (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2344 +msgid "The default shell for users created with SSSD userspace tools." +msgstr "SSSD ユーザー空間ツールを用いて作成されたユーザーの初期シェルです。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2348 +msgid "Default: <filename>/bin/bash</filename>" +msgstr "初期値: <filename>/bin/bash</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2353 +msgid "base_directory (string)" +msgstr "base_directory (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2356 +msgid "" +"The tools append the login name to <replaceable>base_directory</replaceable> " +"and use that as the home directory." +msgstr "" +"ツールがログイン名を <replaceable>base_directory</replaceable> に追加して、" +"ホームディレクトリーとして使用します。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2361 +msgid "Default: <filename>/home</filename>" +msgstr "初期値: <filename>/home</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2366 +msgid "create_homedir (bool)" +msgstr "create_homedir (論理値)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2369 +msgid "" +"Indicate if a home directory should be created by default for new users. " +"Can be overridden on command line." +msgstr "" +"初期状態で新規ユーザーに対するホームディレクトリーが作成されるかを指示しま" +"す。コマンドラインにおいて上書きできます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2373 sssd.conf.5.xml:2385 +msgid "Default: TRUE" +msgstr "初期値: TRUE" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2378 +msgid "remove_homedir (bool)" +msgstr "remove_homedir (論理値)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2381 +msgid "" +"Indicate if a home directory should be removed by default for deleted " +"users. Can be overridden on command line." +msgstr "" +"初期状態で新規ユーザーに対するホームディレクトリーが削除されるかを指示しま" +"す。コマンドラインにおいて上書きできます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2390 +msgid "homedir_umask (integer)" +msgstr "homedir_umask (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2393 +msgid "" +"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " +"on a newly created home directory." +msgstr "" +"新規に作成されるホームディレクトリーにパーミッションの初期値を指定するために " +"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> により使用されます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2401 +msgid "Default: 077" +msgstr "初期値: 077" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2406 +msgid "skel_dir (string)" +msgstr "skel_dir (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2409 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>" +msgstr "" +"ホームディレクトリーが <citerefentry> <refentrytitle>sss_useradd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> により作成されると" +"き、ユーザーのホームディレクトリーにコピーされるファイルおよびディレクトリー" +"を含む、スケルトンディレクトリーです。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2419 +msgid "Default: <filename>/etc/skel</filename>" +msgstr "初期値: <filename>/etc/skel</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2424 +msgid "mail_dir (string)" +msgstr "mail_dir (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2427 +msgid "" +"The mail spool directory. This is needed to manipulate the mailbox when its " +"corresponding user account is modified or deleted. If not specified, a " +"default value is used." +msgstr "" +"メールスプールディレクトリーです。これに対応するユーザーアカウントが変更また" +"は削除されたとき、これを操作する必要があります。指定されていなければ、初期値" +"が使用されます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2434 +msgid "Default: <filename>/var/mail</filename>" +msgstr "初期値: <filename>/var/mail</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2439 +msgid "userdel_cmd (string)" +msgstr "userdel_cmd (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2442 +msgid "" +"The command that is run after a user is removed. The command us passed the " +"username of the user being removed as the first and only parameter. The " +"return code of the command is not taken into account." +msgstr "" +"ユーザーの削除後に実行されるコマンドです。コマンドは最初の唯一のパラメーター" +"として削除されるユーザーのユーザー名を渡します。コマンドの返り値は考慮されま" +"せん。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2448 +msgid "Default: None, no command is run" +msgstr "初期値: なし、コマンドを実行しません" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2458 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131 +#: sssd-ipa.5.xml:717 sssd-ad.5.xml:955 sssd-krb5.5.xml:564 +#: sss_rpcidmapd.5.xml:98 +msgid "EXAMPLE" +msgstr "例" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:2464 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2460 +msgid "" +"The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" +"以下の例は SSSD の一般的な設定を示します。ドメイン自身の設定を説明していませ" +"ん - ドメインの設定に関する詳細はドキュメントを参照してください。 " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "sssd-ldap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" +"このマニュアルページは <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> 向けの LDAP ドメインの設定を説明して" +"います。詳細な構文については <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルページの " +"<quote>ファイル形式</quote> セクションを参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "SSSD が複数の LDAP ドメインを使用するよう設定できます。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. If the LDAP server is used only as an identity " +"provider, an encrypted channel is not needed. Please refer to " +"<quote>ldap_access_filter</quote> config option for more information about " +"using LDAP as an access provider." +msgstr "" +"LDAP バックエンドは id, auth, access および chpass プロバイダーをサポートしま" +"す。 LDAP サーバーに対して認証したければ、 TLS/SSL または LDAPS のどちらかが" +"必要になります。 <command>sssd</command> は暗号化されないチャネルにおける認証" +"はサポート<emphasis>されません</emphasis>。 LDAP サーバーが識別プロバイダーと" +"してのみ使用されるならば、暗号化チャネルは必要ありません。アクセスプロバイ" +"ダーとして LDAP を使用することの詳細は <quote>ldap_access_filter</quote> 設定" +"オプションを参照してください。" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 +msgid "CONFIGURATION OPTIONS" +msgstr "設定オプション" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:60 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "ldap_uri, ldap_backup_uri (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:63 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "URI の形式は RFC 2732 に決められている形式と一致しなければいけません:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:73 +msgid "ldap[s]://<host>[:port]" +msgstr "ldap[s]://<host>[:port]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:76 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" +"IPv6 アドレスを明示するために、<host> を角括弧 [] でくくる必要がありま" +"す。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:79 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "例: ldap://[fc00::126:25]:389" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:85 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:88 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" +"サービス discovery ldap_chpass_dns_service_name を有効にするには、設定する必" +"要があります。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:99 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "初期値: 空、つまり ldap_uri が使用されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:105 +msgid "ldap_search_base (string)" +msgstr "ldap_search_base (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:108 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "LDAP ユーザー操作を実行するために使用される初期ベース DN です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:112 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" +"SSSD 1.7.0 以降、SSSD は次の構文を使用して複数の検索ベースをサポートします:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:116 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "範囲は \"base\", \"onelevel\" または \"subtree\" のどれかです。" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" +"フィルターは http://www.ietf.org/rfc/rfc2254.txt により指定されたような有効" +"な LDAP 検索フィルターである必要があります。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220 +#: sss_override.8.xml:135 sss_override.8.xml:232 +msgid "Examples:" +msgstr "例:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:129 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:134 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:137 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:158 +msgid "ldap_schema (string)" +msgstr "ldap_schema (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:161 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "Four schema types are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:172 +msgid "rfc2307" +msgstr "rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:177 +msgid "rfc2307bis" +msgstr "rfc2307bis" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:182 +msgid "IPA" +msgstr "IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:187 +msgid "AD" +msgstr "AD" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:193 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:203 +msgid "Default: rfc2307" +msgstr "初期値: rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:209 +msgid "ldap_default_bind_dn (string)" +msgstr "ldap_default_bind_dn (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:212 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "LDAP ユーザー操作を実行するために使用される初期バインド DN です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:219 +msgid "ldap_default_authtok_type (string)" +msgstr "ldap_default_authtok_type (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:222 +msgid "The type of the authentication token of the default bind DN." +msgstr "初期バインド DN の認証トークンの形式です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:226 +msgid "The two mechanisms currently supported are:" +msgstr "現在 2 つのメカニズムがサポートされます:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:229 +msgid "password" +msgstr "password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:232 +msgid "obfuscated_password" +msgstr "obfuscated_password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:235 +msgid "Default: password" +msgstr "初期値: password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:241 +msgid "ldap_default_authtok (string)" +msgstr "ldap_default_authtok (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:244 +msgid "" +"The authentication token of the default bind DN. Only clear text passwords " +"are currently supported." +msgstr "" +"デフォルトのバインド DN の認証トークンです。平文テキストのパスワードのみが現" +"在サポートされます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:251 +msgid "ldap_user_object_class (string)" +msgstr "ldap_user_object_class (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:254 +msgid "The object class of a user entry in LDAP." +msgstr "LDAP にあるユーザーエントリーのオブジェクトクラスです。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "Default: posixAccount" +msgstr "初期値: posixAccount" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:263 +msgid "ldap_user_name (string)" +msgstr "ldap_user_name (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:266 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "ユーザーのログイン名に対応する LDAP の属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:270 +msgid "Default: uid" +msgstr "初期値: uid" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:276 +msgid "ldap_user_uid_number (string)" +msgstr "ldap_user_uid_number (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:279 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "ユーザーの ID に対応する LDAP の属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "Default: uidNumber" +msgstr "初期値: uidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:289 +msgid "ldap_user_gid_number (string)" +msgstr "ldap_user_gid_number (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:292 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "ユーザーのプライマリーグループ ID に対応する LDAP の属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:863 +msgid "Default: gidNumber" +msgstr "初期値: gidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:302 +msgid "ldap_user_gecos (string)" +msgstr "ldap_user_gecos (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:305 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "ユーザーの gecos 項目に対応する LDAP の属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:309 +msgid "Default: gecos" +msgstr "初期値: gecos" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:315 +msgid "ldap_user_home_directory (string)" +msgstr "ldap_user_home_directory (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:318 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "ユーザーのホームディレクトリーの名前を含む LDAP の属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "Default: homeDirectory" +msgstr "初期値: homeDirectory" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:328 +msgid "ldap_user_shell (string)" +msgstr "ldap_user_shell (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:331 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "ユーザーの初期シェルのパスを含む LDAP の属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:335 +msgid "Default: loginShell" +msgstr "初期値: loginShell" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:341 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:344 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:889 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:355 +msgid "ldap_user_objectsid (string)" +msgstr "ldap_user_objectsid (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:358 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" +"LDAP ユーザーオブジェクトの objectSID を含む LDAP 属性です。これは通常 " +"ActiveDirectory サーバーに対してのみ必要です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:363 sssd-ldap.5.xml:904 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:370 +msgid "ldap_user_modify_timestamp (string)" +msgstr "ldap_user_modify_timestamp (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "親オブジェクトの最終変更のタイムスタンプを含む LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144 +msgid "Default: modifyTimestamp" +msgstr "初期値: modifyTimestamp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:383 +msgid "ldap_user_shadow_last_change (string)" +msgstr "ldap_user_shadow_last_change (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" +"ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> の対応部分(最終パスワード変更日)に対応する LDAP 属性の名前を" +"含みます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:396 +msgid "Default: shadowLastChange" +msgstr "初期値: shadowLastChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:402 +msgid "ldap_user_shadow_min (string)" +msgstr "ldap_user_shadow_min (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:405 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" +"ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> の対応部分(最小パスワード期限)に対応する LDAP 属性の名前を含" +"みます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: shadowMin" +msgstr "初期値: shadowMin" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_user_shadow_max (string)" +msgstr "ldap_user_shadow_max (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" +"ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> の対応部分(最大パスワード期限)に対応する LDAP 属性の名前を含" +"みます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:432 +msgid "Default: shadowMax" +msgstr "初期値: shadowMax" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:438 +msgid "ldap_user_shadow_warning (string)" +msgstr "ldap_user_shadow_warning (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:441 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" +"ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> の対応部分(パスワード警告期間)に対応する LDAP 属性の名前を含" +"みます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:451 +msgid "Default: shadowWarning" +msgstr "初期値: shadowWarning" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:457 +msgid "ldap_user_shadow_inactive (string)" +msgstr "ldap_user_shadow_inactive (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:460 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" +"ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> の対応部分(パスワード無効期間)に対応する LDAP 属性の名前を含" +"みます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:470 +msgid "Default: shadowInactive" +msgstr "初期値: shadowInactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:476 +msgid "ldap_user_shadow_expire (string)" +msgstr "ldap_user_shadow_expire (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:479 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" +"ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> の対応部分(アカウント失効日)に対応する LDAP 属性の名前を含み" +"ます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:489 +msgid "Default: shadowExpire" +msgstr "初期値: shadowExpire" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:495 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "ldap_user_krb_last_pwd_change (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:498 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" +"ldap_pwd_policy=mit_kerberos を使用しているとき、このパラメーターは Kerberos " +"の最終パスワード変更日時を保存する LDAP 属性の名前を含みます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "Default: krbLastPwdChange" +msgstr "初期値: krbLastPwdChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:510 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "ldap_user_krb_password_expiration (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:513 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" +"ldap_pwd_policy=mit_kerberos を使用しているとき、このパラメーターは現在のパス" +"ワード失効日時を保存する LDAP 属性の名前を含みます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:519 +msgid "Default: krbPasswordExpiration" +msgstr "初期値: krbPasswordExpiration" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:525 +msgid "ldap_user_ad_account_expires (string)" +msgstr "ldap_user_ad_account_expires (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:528 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" +"ldap_account_expire_policy=ad を使用するとき、このパラメーターはアカウントの" +"失効日時を保存する LDAP 属性の名前を含みます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:533 +msgid "Default: accountExpires" +msgstr "初期値: accountExpires" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:539 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "ldap_user_ad_user_account_control (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:542 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" +"ldap_account_expire_policy=ad を使用するとき、このパラメーターはユーザーアカ" +"ウントの制御ビット項目を保存する LDAP 属性の名前を含みます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:547 +msgid "Default: userAccountControl" +msgstr "初期値: userAccountControl" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:553 +msgid "ldap_ns_account_lock (string)" +msgstr "ldap_ns_account_lock (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:556 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" +"ldap_account_expire_policy=rhds または同等のものを使用するとき、このパラメー" +"ターがアクセスが許可されるかされないかを決定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:561 +msgid "Default: nsAccountLock" +msgstr "初期値: nsAccountLock" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:567 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "ldap_user_nds_login_disabled (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:570 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" +"ldap_account_expire_policy=nds を使用するとき、アクセスが許可されるかされない" +"かをこの属性が決定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:574 sssd-ldap.5.xml:588 +msgid "Default: loginDisabled" +msgstr "初期値: loginDisabled" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:580 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "ldap_user_nds_login_expiration_time (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:583 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" +"ldap_account_expire_policy=nds を使用しているとき、この属性はデータアクセスが" +"いつまで許可されるのかを決定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "ldap_user_nds_login_allowed_time_map (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" +"ldap_account_expire_policy=nds を使用しているとき、この属性はアクセスが許可さ" +"れるときの一週間の日の時間を決定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:602 +msgid "Default: loginAllowedTimeMap" +msgstr "初期値: loginAllowedTimeMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:608 +msgid "ldap_user_principal (string)" +msgstr "ldap_user_principal (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:611 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "ユーザーの Kerberos User Principal Name (UPN) を含む LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:615 +msgid "Default: krbPrincipalName" +msgstr "初期値: krbPrincipalName" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:621 +msgid "ldap_user_extra_attrs (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:624 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:629 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:639 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:649 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:652 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:656 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:659 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:669 +msgid "ldap_user_ssh_public_key (string)" +msgstr "ldap_user_ssh_public_key (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:672 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "ユーザーの SSH 公開鍵を含む LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:676 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:682 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "ldap_force_upper_case_realm (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:685 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" +"いくつかのディレクトリーサーバー、たとえば Active Directory、は小文字のレルム" +"を転送しません。それにより、認証が失敗します。もし大文字のレルムを使用したい" +"場合、このオプションを 0 以外に設定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:698 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "ldap_enumeration_refresh_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:701 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" +"SSSD が列挙レコードのキャッシュを更新する前に待つ必要がある秒数を指定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:712 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "ldap_purge_cache_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:715 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" +"使用していないエントリー(メンバーのいないグループやログインしたことがない" +"ユーザーなど)に対してキャッシュを確認して、保存領域を節約するためにそれらを" +"削除する間隔を決めます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:721 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:736 +msgid "ldap_user_fullname (string)" +msgstr "ldap_user_fullname (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:739 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "ユーザーの完全名に対応する LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590 +msgid "Default: cn" +msgstr "初期値: cn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:749 +msgid "ldap_user_member_of (string)" +msgstr "ldap_user_member_of (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:752 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "ユーザーのグループメンバーを一覧にする LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:756 +msgid "Default: memberOf" +msgstr "初期値: memberOf" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:762 +msgid "ldap_user_authorized_service (string)" +msgstr "ldap_user_authorized_service (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:765 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" +"もし access_provider=ldap かつ ldap_access_order=authorized_service ならば、" +"SSSD はアクセス権限を決定するために、ユーザーの LDAP エントリーにある " +"authorizedService 属性を使用します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:772 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" +"明示的な拒否 (!svc) が始めに解決されます。次に SSSD は明示的な許可 (svc) を検" +"索します。最後にすべて許可 (*) を検索します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:777 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:784 +msgid "Default: authorizedService" +msgstr "初期値: authorizedService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:790 +msgid "ldap_user_authorized_host (string)" +msgstr "ldap_user_authorized_host (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:793 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" +"access_provider=ldap かつ ldap_access_order=host ならば、 SSSD はアクセス権限" +"を決めるために、ユーザーの LDAP エントリーにあるホスト属性の存在を使用しま" +"す。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:799 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" +"明示的な拒否 (!host) がまず解決されます。次に SSSD が明示的な許可 (host) を検" +"索します。最後にすべて許可 (*) が検索されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:811 +msgid "Default: host" +msgstr "初期値: host" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:817 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:820 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:824 +msgid "Default: no set in the general case, userCertificate;binary for IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:831 +msgid "ldap_group_object_class (string)" +msgstr "ldap_group_object_class (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:834 +msgid "The object class of a group entry in LDAP." +msgstr "LDAP にあるグループエントリーのオブジェクトクラスです。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:837 +msgid "Default: posixGroup" +msgstr "初期値: posixGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:843 +msgid "ldap_group_name (string)" +msgstr "ldap_group_name (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:846 +msgid "The LDAP attribute that corresponds to the group name." +msgstr "グループ名に対応する LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:856 +msgid "ldap_group_gid_number (string)" +msgstr "ldap_group_gid_number (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:859 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "グループの ID に対応する LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:869 +msgid "ldap_group_member (string)" +msgstr "ldap_group_member (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:872 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "グループのメンバーの名前を含む LDAP の属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:876 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "初期値: memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:882 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:885 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:896 +msgid "ldap_group_objectsid (string)" +msgstr "ldap_group_objectsid (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:899 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" +"LDAP グループオブジェクトの objectSID を含む LDAP 属性です。これは通常 " +"ActiveDirectory サーバーに対してのみ必要です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_group_modify_timestamp (string)" +msgstr "ldap_group_modify_timestamp (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:924 +msgid "ldap_group_type (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:927 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:938 +msgid "Default: groupType in the AD provider, othewise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:945 +#, fuzzy +#| msgid "ldap_group_member (string)" +msgid "ldap_group_external_member (string)" +msgstr "ldap_group_member (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:948 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:961 +msgid "ldap_group_nesting_level (integer)" +msgstr "ldap_group_nesting_level (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:964 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" +"ldap_schema が入れ子グループ (例: RFC2307bis) をサポートするスキーマ形式に設" +"定されていると、このオプションが入れ子 SSSD がしたがうレベルを制御します。こ" +"のオプションは RFC2307 スキーマにおいて効果がありません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:980 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:989 +msgid "Default: 2" +msgstr "初期値: 2" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:995 +msgid "ldap_groups_use_matching_rule_in_chain" +msgstr "ldap_groups_use_matching_rule_in_chain" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:998 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which may speed up group lookup operations on deployments with " +"complex or deep nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1004 +msgid "" +"In most common cases, it is best to leave this option disabled. It generally " +"only provides a performance increase on very complex nestings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036 +msgid "" +"If this option is enabled, SSSD will use it if it detects that the server " +"supports it during initial connection. So \"True\" here essentially means " +"\"auto-detect\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042 +msgid "" +"Note: This feature is currently known to work only with Active Directory " +"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" +"windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " +"for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048 sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866 include/ldap_id_mapping.xml:244 +msgid "Default: False" +msgstr "初期値: 偽" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1027 +msgid "ldap_initgroups_use_matching_rule_in_chain" +msgstr "ldap_initgroups_use_matching_rule_in_chain" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1030 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which might speed up initgroups operations (most notably when " +"dealing with complex or deep nested groups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1057 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1062 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1068 +msgid "ldap_netgroup_object_class (string)" +msgstr "ldap_netgroup_object_class (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1071 +msgid "The object class of a netgroup entry in LDAP." +msgstr "LDAP にあるネットワークグループエントリーのオブジェクトクラスです。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1074 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" +"IPA プロバイダーにおいては ipa_netgroup_object_class が代わりに使用されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1078 +msgid "Default: nisNetgroup" +msgstr "初期値: nisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1084 +msgid "ldap_netgroup_name (string)" +msgstr "ldap_netgroup_name (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1087 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "ネットワークグループ名に対応する LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "IPA プロバイダーにおいては ipa_netgroup_name が代わりに使用されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1101 +msgid "ldap_netgroup_member (string)" +msgstr "ldap_netgroup_member (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1104 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "ネットワークグループのメンバーの名前を含む LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1108 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" +"IPA プロバイダーにおいては ipa_netgroup_member が代わりに使用されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "Default: memberNisNetgroup" +msgstr "初期値: memberNisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1118 +msgid "ldap_netgroup_triple (string)" +msgstr "ldap_netgroup_triple (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1121 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" +"ネットワークグループの三つ組(ホスト、ユーザー、ドメイン)を含む LDAP 属性で" +"す。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141 +msgid "This option is not available in IPA provider." +msgstr "このオプションは IPA プロバイダーにおいて利用可能ではありません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1128 +msgid "Default: nisNetgroupTriple" +msgstr "初期値: nisNetgroupTriple" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1134 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "ldap_netgroup_modify_timestamp (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1150 +msgid "ldap_service_object_class (string)" +msgstr "ldap_service_object_class (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1153 +msgid "The object class of a service entry in LDAP." +msgstr "LDAP にあるサービスエントリーのオブジェクトクラスです。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1156 +msgid "Default: ipService" +msgstr "初期値: ipService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1162 +msgid "ldap_service_name (string)" +msgstr "ldap_service_name (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1165 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "サービス属性の名前とそのエイリアスを含む LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1175 +msgid "ldap_service_port (string)" +msgstr "ldap_service_port (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1178 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "このサービスにより管理されるポートを含む LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1182 +msgid "Default: ipServicePort" +msgstr "初期値: ipServicePort" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1188 +msgid "ldap_service_proto (string)" +msgstr "ldap_service_proto (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1191 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "このサービスにより認識されるプロトコルを含む LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "Default: ipServiceProtocol" +msgstr "初期値: ipServiceProtocol" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1201 +msgid "ldap_service_search_base (string)" +msgstr "ldap_service_search_base (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1206 +msgid "ldap_search_timeout (integer)" +msgstr "ldap_search_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1209 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1215 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" +"注: このオプションは SSSD の将来のバージョンにおいて変更される可能性がありま" +"す。特定の種類の検索のために一連のタイムアウトによりある時点に置き換えられる" +"かもしれません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1227 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "ldap_enumeration_search_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1230 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1243 +msgid "ldap_network_timeout (integer)" +msgstr "ldap_network_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1246 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" +"<citerefentry> <refentrytitle>connect</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> に続けて <citerefentry> <refentrytitle>poll</" +"refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/<citerefentry> " +"<refentrytitle>select</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> が未使用を返した後のタイムアウト(秒単位)を指定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1269 +msgid "ldap_opt_timeout (integer)" +msgstr "ldap_opt_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1287 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "ldap_connection_expire_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1290 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367 +msgid "Default: 900 (15 minutes)" +msgstr "初期値: 900 (15 分)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1304 +msgid "ldap_page_size (integer)" +msgstr "ldap_page_size (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1307 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" +"1 回の要求で LDAP から取得するレコード数を指定します。いくつかの LDAP サー" +"バーは 1 要求あたりの最大数の制限を強制します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1312 +msgid "Default: 1000" +msgstr "初期値: 1000" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1318 +msgid "ldap_disable_paging (boolean)" +msgstr "ldap_disable_paging (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1321 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" +"LDAP ページング制御を無効にします。LDAP サーバーがその RootDSE において LDAP " +"ページング制御をサポートするが、有効化されていない、もしくは正しく動作しない" +"ことを報告する場合に、このオプションが使用されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1327 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" +"例: サーバーにページング制御モジュールがインストールされているが、RootDSE に" +"おいて有効化されていないと報告され、それを使用できない OpenLDAP サーバーで" +"す。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1333 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" +"例: 389 DS は単一の接続において同時に 1 つのページ制御のみをサポートします。" +"負荷の高いクライアントにおいては、いくつかの要求が拒否される結果になる可能性" +"があります。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1345 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "ldap_disable_range_retrieval (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1348 +msgid "Disable Active Directory range retrieval." +msgstr "Active Directory の範囲の取得を無効化します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1351 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1366 +msgid "ldap_sasl_minssf (integer)" +msgstr "ldap_sasl_minssf (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1369 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1375 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1382 +msgid "ldap_deref_threshold (integer)" +msgstr "ldap_deref_threshold (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1391 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1395 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1403 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1416 +msgid "ldap_tls_reqcert (string)" +msgstr "ldap_tls_reqcert (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1419 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" +"もしあれば、 TLS セッションにおいてサーバー証明書において実行するためにチェッ" +"クするものを指定します。以下の値のうち 1 つを指定できます:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1425 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" +"<emphasis>never</emphasis> = クライアントがすべてのサーバー証明書を要求または" +"確認しません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1429 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" +"<emphasis>allow</emphasis> = サーバー証明書が要求されます。証明書が提供されな" +"ければ、セッションが通常通り進められます。不正な証明書が提供されると、それは" +"無視され、セッションが通常通り進められます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1436 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" +"<emphasis>try</emphasis> = サーバー証明書が要求されます。証明書が提供されなけ" +"れば、セッションが通常通り進められます。不正な証明書が提供されると、セッショ" +"ンが直ちに終了します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1442 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" +"<emphasis>demand</emphasis> = サーバー証明書が要求されます。証明書が提供され" +"なければ、もしくは不正な証明書が提供されれば、セッションが直ちに終了します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1448 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "<emphasis>hard</emphasis> = <quote>demand</quote> と同じです" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1452 +msgid "Default: hard" +msgstr "初期値: hard" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1458 +msgid "ldap_tls_cacert (string)" +msgstr "ldap_tls_cacert (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1461 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> が認識するすべての認証局に対する証明" +"書を含むファイルを指定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" +"初期値: OpenLDAP の初期値の使用、一般的に <filename>/etc/openldap/ldap.conf</" +"filename> にあります" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1473 +msgid "ldap_tls_cacertdir (string)" +msgstr "ldap_tls_cacertdir (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1476 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" +"個別のファイルに CA 証明書を含むディレクトリーのパスを指定します。一般的に" +"ファイル名は '.0' で終わる証明書のハッシュである必要があります。利用可能なら" +"ば、<command>cacertdir_rehash</command> は正しい名前を作成するために使用でき" +"ます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1491 +msgid "ldap_tls_cert (string)" +msgstr "ldap_tls_cert (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "クライアントのキーに対する証明書を含むファイルを指定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1504 +msgid "ldap_tls_key (string)" +msgstr "ldap_tls_key (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "Specifies the file that contains the client's key." +msgstr "クライアントのキーを含むファイルを指定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1516 +msgid "ldap_tls_cipher_suite (string)" +msgstr "ldap_tls_cipher_suite (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1519 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1532 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "ldap_id_use_start_tls (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1535 +msgid "" +"Specifies that the id_provider connection must also use <systemitem class=" +"\"protocol\">tls</systemitem> to protect the channel." +msgstr "" +"チャネルを保護するために <systemitem class=\"protocol\">tls</systemitem> も使" +"用する必要がある id_provider 接続を指定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1545 +msgid "ldap_id_mapping (boolean)" +msgstr "ldap_id_mapping (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1548 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" +"この機能は現在 ActiveDirectory objectSID マッピングのみサポートします。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1564 +msgid "ldap_min_id, ldap_max_id (interger)" +msgstr "ldap_min_id, ldap_max_id (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1567 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1579 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1585 +msgid "ldap_sasl_mech (string)" +msgstr "ldap_sasl_mech (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1588 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI is tested and " +"supported." +msgstr "" +"使用する SASL メカニズムを指定します。現在 GSSAPI のみがテストされサポートさ" +"れます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1598 +msgid "ldap_sasl_authid (string)" +msgstr "ldap_sasl_authid (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1601 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI is used, this " +"represents the Kerberos principal used for authentication to the directory. " +"This option can either contain the full principal (for example host/" +"myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1609 +msgid "Default: host/hostname@REALM" +msgstr "初期値: host/hostname@REALM" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1615 +msgid "ldap_sasl_realm (string)" +msgstr "ldap_sasl_realm (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1624 +msgid "Default: the value of krb5_realm." +msgstr "初期値: krb5_realm の値" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1630 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "ldap_sasl_canonicalize (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1633 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" +"真に設定されていると、 LDAP ライブラリーは SASL バインド中にホスト名を正規化" +"するために逆引きを実行します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1638 +msgid "Default: false;" +msgstr "初期値: false;" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1644 +msgid "ldap_krb5_keytab (string)" +msgstr "ldap_krb5_keytab (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "Specify the keytab to use when using SASL/GSSAPI." +msgstr "SASL/GSSAPI を使用するときに使用するキーテーブルを指定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" +"初期値: システムのキーテーブル、通常 <filename>/etc/krb5.keytab</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "ldap_krb5_init_creds (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI." +msgstr "" +"Kerberos クレディンシャル (TGT) を初期化する id_provider を指定します。この操" +"作は、 SASL が使用され、選択されたメカニズムが GSSAPI である場合のみ実行され" +"ます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1671 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "ldap_krb5_ticket_lifetime (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1674 +msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." +msgstr "GSSAPI が使用されている場合、TGT の有効期間を秒単位で指定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:849 +msgid "Default: 86400 (24 hours)" +msgstr "初期値: 86400 (24 時間)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "krb5_server, krb5_backup_server (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" +"KDC または kpasswd サーバーに対してサービス検索を使用するとき、SSSD はまずプ" +"ロトコルとして _udp を指定する DNS エントリーを検索して、何も見つからなけれ" +"ば _tcp にフォールバックします。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" +"このオプションは以前の SSSD において <quote>krb5_kdcip</quote> という名前でし" +"た。古い名前がしばらく認められる間、ユーザーは代わりに <quote>krb5_server</" +"quote> を使用するよう設定ファイルを移行することが推奨されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "krb5_realm (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." +msgstr "(SASL/GSSAPI 認証向け) Kerberos レルムを指定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1719 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "初期値: システムの初期値、<filename>/etc/krb5.conf</filename> 参照。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462 +msgid "krb5_canonicalize (boolean)" +msgstr "krb5_canonicalize (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" +"LDAP サーバーに接続するとき、ホストのプリンシパルが正規化されるかどうかを指定" +"します。この機能は MIT Kerberos >= 1.7 で利用可能です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "krb5_use_kdcinfo (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" +"位置情報プラグインの詳細は <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> マニュアルページを参照ください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1768 +msgid "ldap_pwd_policy (string)" +msgstr "ldap_pwd_policy (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" +"クライアント側においてパスワード期限切れを評価するためのポリシーを選択しま" +"す。以下の値が許容されます:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" +"<emphasis>none</emphasis> - クライアント側において評価しません。このオプショ" +"ンはサーバー側のパスワードポリシーを無効にできません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1781 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired." +msgstr "" +"<emphasis>shadow</emphasis> - パスワードが失効したかを評価するために " +"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> 形式の属性を使用します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1787 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" +"<emphasis>mit_kerberos</emphasis> - パスワードが期限切れしているかを決定する" +"ために MIT Kerberos により使用される属性を使用します。パスワードが変更される" +"とき、これらの属性を更新するために chpass_provider=krb5 を使用します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1796 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1804 +msgid "ldap_referrals (boolean)" +msgstr "ldap_referrals (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1807 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "自動参照追跡が有効化されるかを指定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1811 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" +"OpenLDAP バージョン 2.4.13 およびそれ以降とともにコンパイルされているとき、 " +"sssd のみが参照追跡をサポートすることに注意してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1816 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1830 +msgid "ldap_dns_service_name (string)" +msgstr "ldap_dns_service_name (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1833 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" +"サービス検索が有効にされているときに使用するサービスの名前を指定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 +msgid "Default: ldap" +msgstr "初期値: ldap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1843 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "ldap_chpass_dns_service_name (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1846 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" +"サービス検索が有効にされているときに、パスワード変更を許可する LDAP サーバー" +"を検索するために使用するサービスの名前を指定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1851 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "初期値: 設定されていません、つまりサービス検索が無効にされています" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1857 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "ldap_chpass_update_last_change (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1872 +msgid "ldap_access_filter (string)" +msgstr "ldap_access_filter (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1875 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Example:" +msgstr "例:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1898 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1902 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice-versa." +msgstr "" +"この機能に対するオフラインキャッシュは、ユーザーの最終オンラインログインがア" +"クセス権を許可されたかどうかを決めることに制限されます。採集ログインの間にア" +"クセスが許可されていると、オフラインの間にアクセスが許可され続けます。逆もま" +"た同様です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972 +msgid "Default: Empty" +msgstr "初期値: 空白" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_account_expire_policy (string)" +msgstr "ldap_account_expire_policy (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1924 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" +"このオプションを使用すると、アクセス制御属性のクライアント側評価が有効になり" +"ます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1928 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" +"必ずサーバー側のアクセス制御を使用することが推奨されることに注意してくださ" +"い。つまり、パスワードが正しいときさえ、適切なエラーコードでバインド要求を拒" +"否します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1935 +msgid "The following values are allowed:" +msgstr "以下の値が許可されます:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" +"<emphasis>shadow</emphasis>: アカウントが失効しているかを決めるために " +"ldap_user_shadow_expire の値を使用します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1943 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1950 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: アクセスが許可されるかされないかを確認するために " +"ldap_ns_account_lock の値を使用します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1956 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" +"<emphasis>nds</emphasis>: アクセスが許可されるかを確認するために the values " +"of ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled および " +"ldap_user_nds_login_expiration_time の値が使用されます。どの値もなければ、ア" +"クセスが許可されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1965 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1978 +msgid "ldap_access_order (string)" +msgstr "ldap_access_order (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1981 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" +"アクセス制御オプションのカンマ区切り一覧です。許可される値は次のとおりです:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1985 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "<emphasis>filter</emphasis>: ldap_access_filter を使用します" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1988 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1998 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2005 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2022 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "<emphasis>expire</emphasis>: ldap_account_expire_policy を使用します" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2026 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2036 +msgid "" +"The difference between these options is the action taken if user password is " +"expired: pwd_expire_policy_reject - user is denied to log in, " +"pwd_expire_policy_warn - user is still able to log in, " +"pwd_expire_policy_renew - user is prompted to change his password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2044 +msgid "" +"Note If user password is expired no explicit message is prompted by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2048 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2053 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" +"<emphasis>authorized_service</emphasis>: アクセス権を決定するために " +"authorizedService 属性を使用します" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2058 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" +"<emphasis>host</emphasis>: アクセス権を決めるために host 属性を使用します" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2062 +msgid "Default: filter" +msgstr "初期値: filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2065 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "値が複数使用されていると設定エラーになることに注意してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2072 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2075 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2083 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2086 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2092 +msgid "ldap_deref (string)" +msgstr "ldap_deref (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2095 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" +"検索を実行するときにどのように参照解決を実行するかを指定します。以下のオプ" +"ションが許容されます:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2100 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "<emphasis>never</emphasis>: エイリアスが参照解決されません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2104 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" +"<emphasis>searching</emphasis>: エイリアスはベースオブジェクトの下位に参照解" +"決されますが、検索のベースオブジェクトの位置を探すときはされません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2109 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" +"<emphasis>finding</emphasis>: エイリアスは検索のベースオブジェクトの位置を探" +"すときのみ参照解決されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2114 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" +"<emphasis>always</emphasis>: エイリアスは検索のベースオブジェクトを検索すると" +"きも位置を検索するときも参照解決されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2119 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" +"初期値: 空白(LDAP クライアントライブラリにより <emphasis>never</emphasis> と" +"して取り扱われます)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2127 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "ldap_rfc2307_fallback_to_local_users (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2130 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2134 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2145 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136 +#, fuzzy +#| msgid "ldap_opt_timeout (integer)" +msgid "wildcart_limit (integer)" +msgstr "ldap_opt_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2160 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2164 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2168 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:51 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" +"SSSD ドメインに適用するすべての全体設定オプションを LDAP ドメインに適用しま" +"す。完全な詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> マニュアルページの <quote>ドメインセ" +"クション</quote> を参照してください。 <placeholder type=\"variablelist\" id=" +"\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2178 +msgid "SUDO OPTIONS" +msgstr "SUDO オプション" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2180 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2191 +msgid "ldap_sudorule_object_class (string)" +msgstr "ldap_sudorule_object_class (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2194 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "LDAP にある sudo ルールエントリーのオブジェクトクラスです。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2197 +msgid "Default: sudoRole" +msgstr "初期値: sudoRole" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2203 +msgid "ldap_sudorule_name (string)" +msgstr "ldap_sudorule_name (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2206 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "sudo ルール名に対応する LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2216 +msgid "ldap_sudorule_command (string)" +msgstr "ldap_sudorule_command (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2219 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "コマンド名に対応する LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2223 +msgid "Default: sudoCommand" +msgstr "初期値: sudoCommand" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2229 +msgid "ldap_sudorule_host (string)" +msgstr "ldap_sudorule_host (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2232 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" +"ホスト名(またはホスト IP アドレス、ホスト IP ネットワーク、ホストネットワー" +"クグループ)に対応する LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2237 +msgid "Default: sudoHost" +msgstr "初期値: sudoHost" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2243 +msgid "ldap_sudorule_user (string)" +msgstr "ldap_sudorule_user (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2246 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" +"ユーザー名(または UID、グループ名、ユーザーのネットワークグループ)に対応す" +"る LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2250 +msgid "Default: sudoUser" +msgstr "初期値: sudoUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2256 +msgid "ldap_sudorule_option (string)" +msgstr "ldap_sudorule_option (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2259 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "sudo オプションに対応する LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2263 +msgid "Default: sudoOption" +msgstr "初期値: sudoOption" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2269 +msgid "ldap_sudorule_runasuser (string)" +msgstr "ldap_sudorule_runasuser (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2272 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "コマンドを実行するユーザー名に対応する LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2276 +msgid "Default: sudoRunAsUser" +msgstr "初期値: sudoRunAsUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2282 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "ldap_sudorule_runasgroup (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2285 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" +"コマンドを実行するグループ名またはグループの GID に対応する LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2289 +msgid "Default: sudoRunAsGroup" +msgstr "初期値: sudoRunAsGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2295 +msgid "ldap_sudorule_notbefore (string)" +msgstr "ldap_sudorule_notbefore (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2298 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "sudo ルールが有効になる開始日時に対応する LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2302 +msgid "Default: sudoNotBefore" +msgstr "初期値: sudoNotBefore" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2308 +msgid "ldap_sudorule_notafter (string)" +msgstr "ldap_sudorule_notafter (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2311 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" +"sudo ルールが有効ではなくなった後に、期限切れとなる日時に対応する LDAP 属性で" +"す。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2316 +msgid "Default: sudoNotAfter" +msgstr "初期値: sudoNotAfter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2322 +msgid "ldap_sudorule_order (string)" +msgstr "ldap_sudorule_order (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2325 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "ルールの並び替えインデックスに対応する LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2329 +msgid "Default: sudoOrder" +msgstr "初期値: sudoOrder" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2335 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "ldap_sudo_full_refresh_interval (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2338 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2343 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" +"値は <emphasis>ldap_sudo_smart_refresh_interval</emphasis> より大きい必要があ" +"ります" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2348 +msgid "Default: 21600 (6 hours)" +msgstr "初期値: 21600 (6 時間)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2354 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "ldap_sudo_smart_refresh_interval (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2357 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest USN " +"of cached rules)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2363 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2373 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "ldap_sudo_use_host_filter (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2376 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2387 +msgid "ldap_sudo_hostnames (string)" +msgstr "ldap_sudo_hostnames (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2390 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" +"ルールをフィルターするために使用されるホスト名または完全修飾ドメイン名の空白" +"区切り一覧です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2395 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441 +#: sssd-ldap.5.xml:2459 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" +"<emphasis>ldap_sudo_use_host_filter</emphasis> が <emphasis>false</emphasis> " +"ならば、このオプションは効果を持ちません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428 +msgid "Default: not specified" +msgstr "初期値: 指定なし" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2411 +msgid "ldap_sudo_ip (string)" +msgstr "ldap_sudo_ip (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2414 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" +"ルールをフィルターするために使用される、IPv4 または IPv6 ホスト/ネットワーク" +"アドレスの空白区切り一覧です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2419 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" +"このオプションが空白ならば、SSSD は自動的にアドレスを検索しようとします。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2434 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "ldap_sudo_include_netgroups (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2437 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2452 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "ldap_sudo_include_regexp (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2455 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2471 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" +"このマニュアルページは属性名マッピングのみを説明します。 sudo に関連する属性" +"セマンティックの詳細な説明は <citerefentry> <refentrytitle>sudoers.ldap</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> を参照してください" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2481 +msgid "AUTOFS OPTIONS" +msgstr "AUTOFS オプション" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2483 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2489 +msgid "ldap_autofs_map_master_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2492 +msgid "The name of the automount master map in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2495 +msgid "Default: auto.master" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2502 +msgid "ldap_autofs_map_object_class (string)" +msgstr "ldap_autofs_map_object_class (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2505 +msgid "The object class of an automount map entry in LDAP." +msgstr "LDAP にある automount マップエントリーのオブジェクトクラスです。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2508 +msgid "Default: automountMap" +msgstr "初期値: automountMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2515 +msgid "ldap_autofs_map_name (string)" +msgstr "ldap_autofs_map_name (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2518 +msgid "The name of an automount map entry in LDAP." +msgstr "LDAP における automount のマップエントリーの名前です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2521 +#, fuzzy +#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)" +msgstr "初期値: memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2529 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "ldap_autofs_entry_object_class (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2532 +#, fuzzy +#| msgid "" +#| "The key of an automount entry in LDAP. The entry usually corresponds to a " +#| "mount point." +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" +"LDAP にある automount エントリーのキーです。エントリーは一般的にマウントポイ" +"ントと対応します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2537 +#, fuzzy +#| msgid "Default: automountMap" +msgid "Default: automount" +msgstr "初期値: automountMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2544 +msgid "ldap_autofs_entry_key (string)" +msgstr "ldap_autofs_entry_key (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" +"LDAP にある automount エントリーのキーです。エントリーは一般的にマウントポイ" +"ントと対応します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2551 +#, fuzzy +#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)" +msgstr "初期値: memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2559 +msgid "ldap_autofs_entry_value (string)" +msgstr "ldap_autofs_entry_value (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2566 +msgid "Default: automountInformation" +msgstr "初期値: automountInformation" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2487 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2576 +msgid "ADVANCED OPTIONS" +msgstr "高度なオプション" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2583 +msgid "ldap_netgroup_search_base (string)" +msgstr "ldap_netgroup_search_base (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2588 +msgid "ldap_user_search_base (string)" +msgstr "ldap_user_search_base (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2593 +msgid "ldap_group_search_base (string)" +msgstr "ldap_group_search_base (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:2598 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:2600 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no gid mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:2607 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2609 +msgid "ldap_sudo_search_base (string)" +msgstr "ldap_sudo_search_base (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2614 +msgid "ldap_autofs_search_base (string)" +msgstr "ldap_autofs_search_base (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2578 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2631 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" +"以下の例は、SSSD が正しく設定され、LDAP が <replaceable>[domains]</" +"replaceable> セクションにあるドメインのどれかに設定されていると仮定していま" +"す。" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2637 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:725 sssd-ad.5.xml:963 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 +#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2648 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2650 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2655 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-simple.5.xml:148 sssd-ad.5.xml:978 sssd.8.xml:195 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "注記" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2672 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" +"このマニュアルページにある設定オプションのいくつかの説明は、OpenLDAP 2.4 ディ" +"ストリビューションから <citerefentry> <refentrytitle>ldap.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルページに基" +"づいています。" + +#. type: Content of: <refentryinfo> +#: pam_sss.8.xml:8 include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - http://" +"fedorahosted.org/sssd</orgname>" +msgstr "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - http://" +"fedorahosted.org/sssd</orgname>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:13 pam_sss.8.xml:18 +msgid "pam_sss" +msgstr "pam_sss" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:19 +msgid "PAM module for SSSD" +msgstr "SSSD の PAM モジュール" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:24 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:54 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" +"<command>pam_sss.so</command> は System Security Services daemon (SSSD) への " +"PAM インターフェースです。エラーと結果は <command>syslog(3)</command> を通し" +"て LOG_AUTHPRIV ファシリティでログ記録されます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:64 +msgid "<option>quiet</option>" +msgstr "<option>quiet</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:67 +msgid "Suppress log messages for unknown users." +msgstr "不明なユーザーのログメッセージを抑制します。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:72 +msgid "<option>forward_pass</option>" +msgstr "<option>forward_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:75 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" +"<option>forward_pass</option> が設定されていると、他の PAM モジュールが使用す" +"るために、入力されたパスワードがスタックに置かれます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>use_first_pass</option>" +msgstr "<option>use_first_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" +"引数 use_first_pass は強制的にモジュールが前にスタックされたモジュールのパス" +"ワードを使用して、ユーザーに入力させません。パスワードが何も利用可能ではな" +"い、またはパスワードが適切でなければ、ユーザーがアクセスを拒否されます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:93 +msgid "<option>use_authtok</option>" +msgstr "<option>use_authtok</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:96 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" +"パスワードを変更するとき、モジュールが強制的に新しいパスワードを、前にスタッ" +"クされたパスワードモジュールに設定します。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>retry=N</option>" +msgstr "<option>retry=N</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" +"指定されていると、認証に失敗した場合にパスワードをあと N 回ユーザーに問い合わ" +"せます。初期値は 0 です。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:108 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" +"このオプションは、アプリケーションが呼び出す PAM が自身においてユーザーダイア" +"ログを処理すると仮定して動作しません。典型的な例は " +"<option>PasswordAuthentication</option> を用いた <command>sshd</command> で" +"す。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:117 +msgid "<option>ignore_unknown_user</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:120 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:131 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:138 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:142 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:148 +msgid "" +"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> " +"and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:164 +msgid "MODULE TYPES PROVIDED" +msgstr "提供されるモジュール形式" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:165 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" +"すべてのモジュール形式 (<option>account</option>, <option>auth</option>, " +"<option>password</option> および <option>session</option>) が提供されます。" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:171 +msgid "FILES" +msgstr "ファイル" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:172 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" +"対応する SSSD プロバイダーがパスワードリセットをサポートしないため、root によ" +"るパスワードリセットが失敗すると、それぞれのメッセージが表示されます。たとえ" +"ば、このメッセージはパスワードをリセットする方法に関する説明があります。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:177 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:187 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" +"これらのファイルがディレクトリー <filename>/etc/sssd/customize/DOMAIN_NAME/</" +"filename> において検索されます。一致するファイルがなければ、一般的なメッセー" +"ジが表示されます。" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "sssd_krb5_locator_plugin" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " +"libraries what Realm and which KDC to use. Typically this is done in " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> which is always read by the Kerberos libraries. " +"To simplify the configuration the Realm and the KDC can be defined in " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> as described in <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:48 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> puts the Realm and the name or IP address of the KDC into " +"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " +"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " +"libraries it reads and evaluates these variables and returns them to the " +"libraries." +msgstr "" +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> は、レルム、および KDC の名前または IP アドレスを、それぞれ " +"SSSD_KRB5_REALM および SSSD_KRB5_KDC の中に置きます。" +"<command>sssd_krb5_locator_plugin</command> が Kerberos ライブラリーにより呼" +"び出されるとき、それがこれらの変数を読み込み、評価し、ライブラリーに返しま" +"す。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" +"すべての Kerberos 実装がプラグインの使用をサポートしているとは限りません。 " +"<command>sssd_krb5_locator_plugin</command> がシステムにおいて利用可能でなけ" +"れば、Kerberos の構築を反映するように /etc/krb5.conf を編集する必要がありま" +"す。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:69 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" +"環境変数 SSSD_KRB5_LOCATOR_DEBUG に何らかの値が設定されていると、デバッグメッ" +"セージが標準エラーに送られます。" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "sssd-simple" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "SSSD の 'simple' アクセス制御プロバイダーの設定ファイルです。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" +"このマニュアルは <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> に対して簡単なアクセス制御の設定を説" +"明しています。詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> マニュアルページの <quote>ファイル形" +"式</quote> セクションを参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" +"シンプルアクセスプロバイダーは、ユーザー名またはグループ名のアクセスまたは拒" +"否の一覧に基づいてアクセスを許可または拒否します。以下の例を適用します:" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "すべての一覧が空白ならば、アクセスが認められます" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" +"何らかの一覧が提供されていると、許可(allow)、拒否(deny)の順に評価されま" +"す。拒否ルールに一致するすべてのものは、許可ルールに一致するすべてのものを更" +"新することを意味します。" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" +"\"allow\" 一覧が提供されていると、すべてのユーザーはこの一覧に表れなければ拒" +"否されます。" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" +"\"deny\" 一覧のみが提供されていると、ユーザーがこの一覧に表れない限り、すべて" +"のユーザーがアクセスを許可されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "simple_allow_users (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "ログインが許可されたユーザーのカンマ区切り一覧です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "simple_deny_users (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "アクセスが明示的に拒否されたユーザーのカンマ区切り一覧です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "simple_allow_groups (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" +"ログインが許可されたグループのカンマ区切り一覧です。この SSSD ドメインの中の" +"グループのみに適用されます。ローカルグループは評価されません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "simple_deny_groups (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" +"アクセスが明示的に拒否されたグループのカンマ区切り一覧です。この SSSD ドメイ" +"ンの中のグループのみに適用されます。ローカルグループは評価されません。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"SSSD ドメインの設定に関する詳細は <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルページの " +"<quote>ドメインセクション</quote> のセクションを参照してください。 " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" +"simple_allow_users と simple_deny_users がどちらも定義されると、設定エラーに" +"なることに注意してください。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" +"以下の例は、SSSD が正しく設定され、example.com が <replaceable>[sssd]</" +"replaceable> セクションにあるドメインの 1 つであると仮定します。この例はアク" +"セスプロバイダー固有の簡単なオプションのみを示します。" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "sssd-ipa" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"このマニュアルページは <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> に対する IPA プロバイダーの設定を説" +"明しています。詳細な構文の参考資料は <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルペー" +"ジの <quote>ファイル形式</quote> を参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" +"IPA プロバイダーは IPA サーバーに接続するために使用されるバックエンドです。" +"(IPA サーバーに関する詳細は freeipa.org のウェブサイトを参照してください。)" +"このプロバイダーは、マシンが IPA ドメインに参加していて、設定がすでに全体的に" +"自己検索され、サーバーから直接取得されている必要があります。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" +"IPA プロバイダーは <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> 識別プロバイダーおよび " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> 認証プロバイダーにより使用されるものと同じオプショ" +"ンを受け付けます。いくつかの例外は以下に説明されています。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." +msgstr "" +"しかし、これらのオプションを設定することは必要ありません、また推奨もされませ" +"ん。IPA プロバイダーはアクセスプロバイダーおよびパスワード変更プロバイダーと" +"しても使用できます。アクセスプロバイダーとしては、HBAC (ホストベースアクセス" +"制御) ルールを使用します。HBAC の詳細は freeipa.org を参照してください。アク" +"セスプロバイダーが設定されていなければ、クライアント側において必要になりま" +"す。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:78 +msgid "ipa_domain (string)" +msgstr "ipa_domain (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:81 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" +"IPA ドメインの名前を指定します。これはオプションです。提供されなければ、設定" +"ドメイン名が使用されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:89 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "ipa_server, ipa_backup_server (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:92 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:105 +msgid "ipa_hostname (string)" +msgstr "ipa_hostname (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:108 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host." +msgstr "" +"オプションです。hostname(5) がこのホストを識別するために IPA ドメインにおいて" +"使用される完全修飾名を反映しないマシンにおいて設定されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:116 sssd-ad.5.xml:780 +msgid "dyndns_update (boolean)" +msgstr "dyndns_update (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:119 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA v2 with the IP address of this client. The update is " +"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " +"for the updates, if it is not otherwise specified by using the " +"<quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:128 sssd-ad.5.xml:794 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" +"注: (RHEL5 のような) 古いシステムにおいて、この動作が正しく機能するためには、" +"デフォルトの Kerberos レルムが /etc/krb5.conf において正しく設定されている必" +"要があります" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:133 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:145 sssd-ad.5.xml:805 +msgid "dyndns_ttl (integer)" +msgstr "dyndns_ttl (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:148 sssd-ad.5.xml:808 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:153 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Default: 1200 (seconds)" +msgstr "初期値: 1200 (秒)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:165 sssd-ad.5.xml:819 +msgid "dyndns_iface (string)" +msgstr "dyndns_iface (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 sssd-ad.5.xml:822 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:175 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 +#, fuzzy +#| msgid "Default: Use the IP address of the IPA LDAP connection" +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "初期値: IPA LDAP 接続の IP アドレスを使用します" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:185 sssd-ad.5.xml:833 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:191 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "ipa_enable_dns_sites (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160 +msgid "Enables DNS sites - location based service discovery." +msgstr "DNS サイトの有効化 - 位置情報に基づいたサービス探索。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example.com" +"\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:217 sssd-ad.5.xml:839 +msgid "dyndns_refresh_interval (integer)" +msgstr "dyndns_refresh_interval (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:220 sssd-ad.5.xml:842 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:233 sssd-ad.5.xml:855 +msgid "dyndns_update_ptr (bool)" +msgstr "dyndns_update_ptr (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:236 sssd-ad.5.xml:858 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:247 +msgid "Default: False (disabled)" +msgstr "初期値: False (無効)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:253 sssd-ad.5.xml:869 +msgid "dyndns_force_tcp (bool)" +msgstr "dyndns_force_tcp (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:256 sssd-ad.5.xml:872 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" +"nsupdate ユーティリティが DNS サーバーと通信するために TCP を標準で使用するか" +"どうか。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:876 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 sssd-ad.5.xml:882 +#, fuzzy +#| msgid "dyndns_iface (string)" +msgid "dyndns_server (string)" +msgstr "dyndns_iface (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 sssd-ad.5.xml:885 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 sssd-ad.5.xml:890 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:895 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 sssd-ad.5.xml:900 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:290 +msgid "ipa_hbac_search_base (string)" +msgstr "ipa_hbac_search_base (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:293 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" +"オプションです。与えられた文字列を HBAC 関連オブジェクトに対する検索ベースと" +"して使用します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:297 +msgid "Default: Use base DN" +msgstr "初期値: ベース DN を使用します" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_host_search_base (string)" +msgstr "ipa_host_search_base (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" +"オプションです。ホストオブジェクトの検索ベースとして与えられた文字列を使用し" +"ます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 sssd-ipa.5.xml:329 sssd-ipa.5.xml:348 sssd-ipa.5.xml:367 +#: sssd-ipa.5.xml:386 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" +"複数の検索ベースを設定することの詳細は <quote>ldap_search_base</quote> を参照" +"してください。" + +#. type: Content of: <listitem><para> +#: sssd-ipa.5.xml:315 sssd-ipa.5.xml:334 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "初期値: <emphasis>ldap_search_base</emphasis> の値" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:322 +msgid "ipa_selinux_search_base (string)" +msgstr "ipa_selinux_search_base (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:325 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" +"オプションです。与えられた文字列を SELinux ユーザーマップに対する検索ベースと" +"して使用します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:341 +msgid "ipa_subdomains_search_base (string)" +msgstr "ipa_subdomains_search_base (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:344 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" +"オプションです。信頼されたドメインに対する検索ベースとして、与えられた文字列" +"を使用します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:353 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "初期値: <emphasis>cn=trusts,%basedn</emphasis> の値" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:360 +msgid "ipa_master_domain_search_base (string)" +msgstr "ipa_master_domain_search_base (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:363 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:372 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "初期値: <emphasis>cn=ad,cn=etc,%basedn</emphasis> の値" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:379 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:382 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:391 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:398 sssd-krb5.5.xml:254 +msgid "krb5_validate (boolean)" +msgstr "krb5_validate (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:401 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed." +msgstr "" +"取得された TGT が改ざんされていないかを krb5_keytab の支援で確認します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:408 sssd-ad.5.xml:921 +msgid "" +"Note that this default differs from the traditional Kerberos provider back " +"end." +msgstr "" +"この初期値は伝統的な Kerberos プロバイダーのバックエンドとは異なることに注意" +"してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" +"Kerberos レルムの名前です。これはオプションで、初期値は <quote>ipa_domain</" +"quote> の値です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" +"IPA において特別な意味を持つ Kerberos レルムの名前です。LDAP 操作を実行するた" +"めに使用するベース DN に変換されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:433 +msgid "" +"Specifies if the host and user principal should be canonicalized when " +"connecting to IPA LDAP and also for AS requests. This feature is available " +"with MIT Kerberos >= 1.7" +msgstr "" +"IPA LDAP と AS 要求に対して接続するとき、ホストとユーザープリンシパルを正規化" +"するかを指定します。この機能は MIT Kerberos >= 1.7 で利用可能です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 sssd-krb5.5.xml:416 +msgid "krb5_use_fast (string)" +msgstr "krb5_use_fast (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 sssd-krb5.5.xml:419 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" +"Kerberos の事前認証のために flexible authentication secure tunneling (FAST) " +"を有効化します。以下のオプションがサポートされます:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:454 +msgid "<emphasis>never</emphasis> use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:457 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it. This is equivalent to not setting " +"this option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:463 sssd-krb5.5.xml:433 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" +"<emphasis>demand</emphasis> は FAST を使用します。サーバーが FAST を要求しな" +"ければ、認証が失敗します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:468 +msgid "Default: try" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 sssd-krb5.5.xml:444 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" +"注: SSSD は MIT Kerberos バージョン 1.8 およびそれ以降のみで FAST をサポート" +"します。SSSD が古いバージョンの MIT Kerberos を使用している場合、このオプショ" +"ンを使用すると設定エラーになります。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:480 sssd-ad.5.xml:928 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 sssd-ad.5.xml:931 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:487 sssd-ad.5.xml:935 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 sssd-ad.5.xml:939 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:498 +msgid "ipa_hbac_refresh (integer)" +msgstr "ipa_hbac_refresh (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:501 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355 +msgid "Default: 5 (seconds)" +msgstr "初期値: 5 (秒)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:514 +msgid "ipa_hbac_selinux (integer)" +msgstr "ipa_hbac_selinux (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:517 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:530 +msgid "ipa_server_mode (boolean)" +msgstr "ipa_server_mode (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:533 +msgid "This option should only be set by the IPA installer." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:537 +msgid "" +"The option denotes that the SSSD is running on IPA server and should perform " +"lookups of users and groups from trusted domains differently." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:548 +msgid "ipa_automount_location (string)" +msgstr "ipa_automount_location (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:551 +msgid "The automounter location this IPA client will be using" +msgstr "この IPA クライアントが使用する automounter の場所です" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:554 +msgid "Default: The location named \"default\"" +msgstr "初期値: \"default\" という名前の場所" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:562 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:571 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:577 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:583 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:586 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:596 +msgid "ipa_overide_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:599 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:602 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:608 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:611 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:615 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:621 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:624 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:632 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:635 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:638 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:641 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:647 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:650 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:655 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:661 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:664 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:669 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:672 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:675 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:680 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:564 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:690 +msgid "SUBDOMAINS PROVIDER" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:692 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:696 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" +"'subdomains_provider = ipa' オプションが sssd.conf のドメインのセクションに見" +"つかれば、IPA サブドメインプロバイダーが明示的に設定されます。すべてのサブド" +"メインのリクエストが必要に応じて IPA サーバーに送られます。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:702 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:719 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" +"以下の例は、SSSD が正しく設定され、example.com が <replaceable>[sssd]</" +"replaceable> セクションにあるドメインの 1 つであることを仮定しています。この" +"例は IPA プロバイダー固有のオプションのみを示しています。" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:726 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "sssd-ad" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:41 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:45 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:51 +msgid "" +"The AD provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:63 +#, fuzzy +#| msgid "" +#| "However, it is neither necessary nor recommended to set these options. " +#| "IPA provider can also be used as an access and chpass provider. As an " +#| "access provider it uses HBAC (host-based access control) rules. Please " +#| "refer to freeipa.org for more information about HBAC. No configuration of " +#| "access provider is required on the client side." +msgid "" +"However, it is neither necessary nor recommended to set these options. The " +"AD provider can also be used as an access, chpass, sudo and autofs provider. " +"No configuration of the access provider is required on the client side." +msgstr "" +"しかし、これらのオプションを設定することは必要ありません、また推奨もされませ" +"ん。IPA プロバイダーはアクセスプロバイダーおよびパスワード変更プロバイダーと" +"しても使用できます。アクセスプロバイダーとしては、HBAC (ホストベースアクセス" +"制御) ルールを使用します。HBAC の詳細は freeipa.org を参照してください。アク" +"セスプロバイダーが設定されていなければ、クライアント側において必要になりま" +"す。" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:75 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" +"ldap_id_mapping = False\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " +"and groups using POSIX attributes from trusted domains, the AD administrator " +"must make sure that the POSIX attributes are replicated to the Global " +"Catalog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:82 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:97 +msgid "ad_domain (string)" +msgstr "ad_domain (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:100 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" +"Active Directory ドメインの名前を指定します。これはオプションです。指定されな" +"ければ、設定のドメイン名が使用されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:105 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" +"正しい動作のために、このオプションは Active Directory ドメインの長いバージョ" +"ンの小文字バージョンとして指定されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:110 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:117 +msgid "ad_server, ad_backup_server (string)" +msgstr "ad_server, ad_backup_server (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:120 +#, fuzzy +#| msgid "" +#| "The comma-separated list of hostnames of the AD servers to which SSSD " +#| "should connect in order of preference. For more information on failover " +#| "and server redundancy, see the <quote>FAILOVER</quote> section. This is " +#| "optional if autodiscovery is enabled. For more information on service " +#| "discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" +"SSSD が接続したい AD サーバー(優先順)のホスト名のカンマ区切り一覧です。" +"フェールオーバーおよびサーバー冗長化に関する詳細は <quote>FAILOVER</quote> セ" +"クションを参照してください。自動探索が有効になっていると、これはオプションで" +"す。サービス探索の詳細は <quote>SERVICE DISCOVERY</quote> セクションを参照し" +"てください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:127 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:132 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:140 +msgid "ad_hostname (string)" +msgstr "ad_hostname (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:143 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the Active Directory domain to identify this " +"host." +msgstr "" +"オプションです。hostname(5) が Active Directory ドメインにおいて使用される完" +"全修飾名を反映しないマシンにおいてマシンに設定されるかもしれません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:149 +msgid "" +"This field is used to determine the host principal in use in the keytab. It " +"must match the hostname for which the keytab was issued." +msgstr "" +"この項目はキーテーブルにおいて使用中のホストプリンシパルを決定するために使用" +"されます。キーテーブルが発行されたホスト名と一致する必要があります。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:157 +msgid "ad_enable_dns_sites (boolean)" +msgstr "ad_enable_dns_sites (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:164 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:180 +msgid "ad_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:191 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:199 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:207 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:212 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:223 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:233 sssd-ad.5.xml:247 +msgid "Default: Not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:239 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:253 +msgid "ad_enable_gc (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:256 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:264 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:278 +msgid "ad_gpo_access_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:281 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to a particular host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:296 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:309 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:313 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:319 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:325 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "Default: permissive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:339 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:345 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:348 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:361 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:364 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:370 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:384 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:388 sssd-ad.5.xml:479 sssd-ad.5.xml:525 sssd-ad.5.xml:570 +#: sssd-ad.5.xml:636 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:392 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:397 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:402 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:407 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:412 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:417 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:422 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:427 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:432 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:437 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:442 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:451 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:460 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:475 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:466 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:483 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:488 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:497 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:500 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:506 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:521 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:512 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:529 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:534 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:543 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:546 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:552 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:566 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:557 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:574 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:583 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:586 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:605 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:597 sssd-ad.5.xml:667 +msgid "" +"It is possible to add a PAM service name to the default set by using <quote>" +"+service_name</quote>. Since the default set is empty, it is not possible " +"to remove a PAM service name from the default set. For example, in order to " +"add a custom pam service name (e.g. <quote>my_pam_service</quote>), you " +"would use the following configuration: <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:615 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:618 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:632 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:623 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:640 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:645 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:650 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:659 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:662 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:675 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:685 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:688 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:701 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:705 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:710 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:715 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:720 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:725 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:730 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:735 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:741 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:747 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:750 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:756 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 30 days" +msgstr "初期値: 300" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:762 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:765 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expect 2 integers seperated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the inital timeout in seconds before the task is run for the first " +"time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +#, fuzzy +#| msgid "Default: 86400 (24 hours)" +msgid "Default: 86400:750 (24h and 15m)" +msgstr "初期値: 86400 (24 時間)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:783 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:813 +msgid "Default: 3600 (seconds)" +msgstr "初期値: 3600 (秒)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:829 +#, fuzzy +#| msgid "Default: Use the IP address of the AD LDAP connection" +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "初期値: AD の LDAP 接続の IP アドレスを使用します" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:863 sss_rpcidmapd.5.xml:76 +msgid "Default: True" +msgstr "初期値: True" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:909 sssd-krb5.5.xml:505 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "krb5_use_enterprise_principal (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:912 sssd-krb5.5.xml:508 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" +"ユーザープリンシパルをエンタープライズプリンシパルとして取り扱うかどうかを指" +"定します。エンタープライズプリンシパルの詳細は RFC 6806 のセクション 5 を参照" +"してください。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:957 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" +"以下の例は SSSD が正しく設定され、example.com が <replaceable>[sssd]</" +"replaceable> セクションにあるドメインの一つであると仮定しています。この例は " +"AD プロバイダー固有のオプションのみ示してします。" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:964 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:984 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:980 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:990 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:998 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "sssd-sudo" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "SSSD バックエンドを用いた sudo の設定法" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "sudoers: files sss\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "sudo ルールを取得するよう SSSD を設定する方法" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:112 +msgid "" +"When the SSSD is configured to use IPA as the ID provider, the sudo provider " +"is automatically enabled. The sudo search base is configured to use the " +"compat tree (ou=sudoers,$DC)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:119 +msgid "The SUDO rule caching mechanism" +msgstr "SUDO ルールキャッシュメカニズム" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:121 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:129 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:135 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:143 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:159 +msgid "keyword ALL" +msgstr "keyword ALL" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:164 +msgid "wildcard" +msgstr "ワイルドカード" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:169 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "netgroup (\"+netgroup\" の形式)" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:174 +msgid "hostname or fully qualified domain name of this machine" +msgstr "このマシンのホスト名または完全修飾ドメイン名" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:179 +msgid "one of the IP addresses of this machine" +msgstr "このマシンの IP アドレスのどれか" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:184 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "ネットワークの IP アドレスのどれか (\"address/mask\" 形式)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:190 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "sssd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "System Security Services Daemon" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" +"<command>SSSD</command> はリモートディレクトリーへのアクセスと認証メカニズム" +"を管理するための一組のデーモンを提供します。システムへの NSS と PAM インター" +"フェースを提供します。また、D-Bus インターフェースのように複数の異なるアカウ" +"ントソースに接続するための取り外し可能なバックエンドシステムを提供します。ク" +"ライアント監査、およびFreeIPA のようなプロジェクトに対するポリシーサービスを" +"提供する基礎となります。ローカルユーザーだけでなく拡張ユーザーデータを保存す" +"るためのより強靭なデータベースを提供します。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "<emphasis>1</emphasis>: デバッグメッセージに日時を追加します" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "<emphasis>0</emphasis>: デバッグメッセージで日時を無効にします" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" +"<emphasis>1</emphasis>: デバッグメッセージにミリ秒をタイムスタンプに追加しま" +"す" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "<emphasis>0</emphasis>: 日時でマイクロ秒を無効にします" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>-f</option>,<option>--debug-to-files</option>" +msgstr "<option>-f</option>,<option>--debug-to-files</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "" +"Send the debug output to files instead of stderr. By default, the log files " +"are stored in <filename>/var/log/sssd</filename> and there are separate log " +"files for every SSSD service and domain." +msgstr "" +"デバッグ出力を標準エラーの代わりにファイルに送信します。初期状態で、ログファ" +"イルは <filename>/var/log/sssd</filename> に保存され、すべての SSSD サービス" +"とドメインに対して別々のログファイルがあります。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:97 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "<option>-D</option>,<option>--daemon</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:101 +msgid "Become a daemon after starting up." +msgstr "起動後にデーモンになります。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:107 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "<option>-i</option>,<option>--interactive</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:111 +msgid "Run in the foreground, don't become a daemon." +msgstr "フォアグラウンドで実行して、デーモンになりません。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:117 sss_debuglevel.8.xml:42 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "<option>-c</option>,<option>--config</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:121 sss_debuglevel.8.xml:46 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"非標準の設定ファイルを指定します。初期値は <filename>/etc/sssd/sssd.conf</" +"filename> です。設定ファイルの構文とオプションは <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> マニュアルページを参照してください。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "<option>--version</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "バージョン番号を表示して終了します。" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:147 +msgid "Signals" +msgstr "シグナル" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "SIGTERM/SIGINT" +msgstr "SIGTERM/SIGINT" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:153 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" +"SSSD にすべての子プロセスを穏やかに停止するよう通知して、モニターをシャットダ" +"ウンします。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:159 +msgid "SIGHUP" +msgstr "SIGHUP" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:162 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" +"SSSD が現在のデバッグファイルディスクリプターに書き込むことを止めて、それらを" +"閉じてから開きなおすよう指示します。これは logrotate のようなプログラムを用い" +"てログローテーションを促進することを意味します。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:170 +msgid "SIGUSR1" +msgstr "SIGUSR1" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:173 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:182 +msgid "SIGUSR2" +msgstr "SIGUSR2" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:185 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:197 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "sss_obfuscate" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "平文パスワードをわかりにくくする" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" +"<command>sss_obfuscate</command> は、与えられたパスワードを人間が読みにくい形" +"式に変換して、SSSD 設定ファイルの適切なドメインセクションに置きます。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" +"平文のパスワードは、標準入力から読み込まれます、または対話的に入力されます。" +"解読しにくくされたパスワードが指定された SSSD ドメインの " +"<quote>ldap_default_authtok</quote> パラメータに置かれます。また " +"<quote>ldap_default_authtok_type</quote> パラメーターが " +"<quote>obfuscated_password</quote> に設定されます。これらのパラメーターの詳細" +"は <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> を参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" +"パスワードをわかりにくくすることは、攻撃者がパスワードをリバースエンジニアリ" +"ングできるので <emphasis>実際にセキュリティの便益</emphasis> は提供されませ" +"ん。クライアントサイド証明書や GSSAPI のようなより良い認証機構を使用すること" +"を <emphasis>強く</emphasis> 推奨します。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "<option>-s</option>,<option>--stdin</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "解読しにくくするパスワードが標準入力から読み込まれます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" +"パスワードに使用する SSSD ドメインです。名前の初期値は <quote>default</" +"quote> です。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "位置パラメーターにより指定された設定ファイルを読み込みます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "初期値: <filename>/etc/sssd/sssd.conf</filename>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +#, fuzzy +#| msgid "sss_userdel" +msgid "sss_override" +msgstr "sss_userdel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +#, fuzzy +#| msgid "" +#| "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +#| "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#| "arg>" +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:50 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:52 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:59 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:70 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:78 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:83 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:92 +#, fuzzy +#| msgid "" +#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +#| "replaceable>" +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:97 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:105 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:110 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:116 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:121 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:126 +msgid "original_name:name:uid:gid:gecos:home:shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:138 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:141 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:147 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:152 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:160 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:167 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:175 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:180 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:189 +#, fuzzy +#| msgid "" +#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +#| "replaceable>" +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:194 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:202 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:207 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:213 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:218 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:223 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:235 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:238 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:244 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:249 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:259 +#, fuzzy +#| msgid "SUDO OPTIONS" +msgid "COMMON OPTIONS" +msgstr "SUDO オプション" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:261 +#, fuzzy +#| msgid "This option is not available in IPA provider." +msgid "Those options are available with all commands." +msgstr "このオプションは IPA プロバイダーにおいて利用可能ではありません。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:266 +#, fuzzy +#| msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_useradd.8.xml:10 sss_useradd.8.xml:15 +msgid "sss_useradd" +msgstr "sss_useradd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_useradd.8.xml:16 +msgid "create a new user" +msgstr "新しいユーザーを作成する" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_useradd.8.xml:21 +msgid "" +"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" +"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_useradd.8.xml:32 +msgid "" +"<command>sss_useradd</command> creates a new user account using the values " +"specified on the command line plus the default values from the system." +msgstr "" +"<command>sss_useradd</command> は、コマンドラインにおいて指定された値とシステ" +"ムの初期値を使用して、新しいユーザーを作成します。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:43 sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:48 +msgid "" +"Set the UID of the user to the value of <replaceable>UID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" +"ユーザーの UID を <replaceable>UID</replaceable> の値を設定します。与えられな" +"いと、自動的に選択されます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" +"ユーザーを説明している任意のテキスト文字列です。しばしばユーザーの完全名の項" +"目として使用されます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:72 +msgid "" +"The home directory of the user account. The default is to append the " +"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " +"that as the home directory. The base that is prepended before " +"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" +"baseDirectory</quote> setting in sssd.conf." +msgstr "" +"ユーザーアカウントのホームディレクトリーです。初期値は <filename>/home</" +"filename> に <replaceable>LOGIN</replaceable> の名前を追加して、ホームディレ" +"クトリーとして使用します。 <replaceable>LOGIN</replaceable> の前につけるベー" +"スは sssd.conf において <quote>user_defaults/baseDirectory</quote> 設定で変更" +"できます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:87 +msgid "" +"The user's login shell. The default is currently <filename>/bin/bash</" +"filename>. The default can be changed with <quote>user_defaults/" +"defaultShell</quote> setting in sssd.conf." +msgstr "" +"ユーザーのログインシェルです。初期値は現在 <filename>/bin/bash</filename> で" +"す。初期値は sssd.conf において <quote>user_defaults/defaultShell</quote> で" +"変更できます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:96 +msgid "" +"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" +"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:101 +msgid "A list of existing groups this user is also a member of." +msgstr "このユーザーがメンバーである既存のユーザーの一覧です。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:107 +msgid "<option>-m</option>,<option>--create-home</option>" +msgstr "<option>-m</option>,<option>--create-home</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:111 +msgid "" +"Create the user's home directory if it does not exist. The files and " +"directories contained in the skeleton directory (which can be defined with " +"the -k option or in the config file) will be copied to the home directory." +msgstr "" +"ユーザーのホームディレクトリーが存在しなければ、それを作成します。(-k オプ" +"ションまたは設定ファイルで定義できる)スケルトンディレクトリーにあるファイル" +"とディレクトリーがホームディレクトリーにコピーされます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:121 +msgid "<option>-M</option>,<option>--no-create-home</option>" +msgstr "<option>-M</option>,<option>--no-create-home</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:125 +msgid "" +"Do not create the user's home directory. Overrides configuration settings." +msgstr "ユーザーのホームディレクトリーを作成しません。設定を上書きします。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:132 +msgid "" +"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +"replaceable>" +msgstr "" +"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:137 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<command>sss_useradd</command>." +msgstr "" +"スケルトンディレクトリーです。ホームディレクトリーが <command>sss_useradd</" +"command> により作成されるとき、ユーザーのホームディレクトリーにコピーされる" +"ファイルとディレクトリーを含みます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:143 +msgid "" +"Special files (block devices, character devices, named pipes and unix " +"sockets) will not be copied." +msgstr "" +"特殊ファイル (ブロックデバイス、キャラクターデバイス、名前付きパイプおよび " +"UNIX ソケット) はコピーされません。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:147 +msgid "" +"This option is only valid if the <option>-m</option> (or <option>--create-" +"home</option>) option is specified, or creation of home directories is set " +"to TRUE in the configuration." +msgstr "" +"<option>-m</option> (または <option>--create-home</option>) オプションが指定" +"されたとき、またはホームディレクトリーの作成が設定において TRUE に設定されて" +"いる場合のみ、このオプションが有効です。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:156 sss_usermod.8.xml:124 +msgid "" +"<option>-Z</option>,<option>--selinux-user</option> " +"<replaceable>SELINUX_USER</replaceable>" +msgstr "" +"<option>-Z</option>,<option>--selinux-user</option> " +"<replaceable>SELINUX_USER</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:161 +msgid "" +"The SELinux user for the user's login. If not specified, the system default " +"will be used." +msgstr "" +"ユーザーがログインする際の SELinux ユーザーです。未指定の場合、システムの初期" +"値を使います。" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "sssd-krb5" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" +"このマニュアルは <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> に対する Kerberos 5 認証バックエンド" +"の設定を説明しています。詳細な構文の参考資料は、<citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> マニュアルページの <quote>ファイル形式</quote> セクションを参照" +"してください。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" +"Kerberos 5 認証バックエンドは認証プロバイダーおよびパスワード変更プロバイダー" +"を含みます。正しく機能するためには識別プロダイバーと組み合わせて使用する必要" +"があります (たとえば、id_provider = ldap)。Kerberos 5 認証バックエンドにより" +"必要とされるいくつかの情報は、ユーザーの Kerberos プリンシパル名 (UPN) のよう" +"な、識別プロバイダーにより提供される必要があります。識別プロバイダーの設定は " +"UPN を指定するためのエントリーがある必要があります。これを設定する方法に関す" +"る詳細は適用可能な識別プロバイダーのマニュアルページを参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>.k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" +"このバックエンドは、ユーザーのホームディレクトリーにある .k5login ファイルに" +"基づいたアクセス制御を提供します。詳細は <citerefentry> <refentrytitle>." +"k5login</refentrytitle><manvolnum>5</manvolnum> </citerefentry> を参照してく" +"ださい。空の .k5login ファイルがあると、このユーザーに対するすべてのアクセス" +"が拒否されます。この機能を有効にするには、SSSD 設定において 'access_provider " +"= krb5' を使用します。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" +"UPN が識別バックエンド <command>sssd</command> において利用できない場合は、形" +"式 <replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable> " +"を使用して UPN を構築します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" +"SSSD が接続したい AD サーバー(優先順)の IP アドレスまたはホスト名のカンマ区" +"切り一覧を指定します。フェールオーバーおよびサーバー冗長化に関する詳細は " +"<quote>FAILOVER</quote> セクションを参照してください。ポート番号(コロンの後" +"ろ)をオプションとして、アドレスやホスト名の後ろに付けることもできます。これ" +"が無ければ、サービス探索が有効になっています。詳細は <quote>サービス探索</" +"quote> のセクションを参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "Kerberos レルムの名前です。このオプションは指定する必要があります。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "krb5_kpasswd, krb5_backup_kpasswd (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" +"パスワード変更サービスが KDC において実行されていなければ、代替サーバーがここ" +"で指定できます。オプションのポート番号が(コロンに続けて)アドレスまたはホス" +"ト名に追加できます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" +"フェイルオーバーとサーバー冗長性に関する詳細は、<quote>フェイルオーバー</" +"quote>のセクションを参照してください。注:KDC に対する認証がまだ可能であるな" +"らば、たとえすべての kpasswd サーバーがなかったとしても、バックエンドをオフラ" +"インに切り替えないことに注意してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "初期値: KDC を使用します" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "krb5_ccachedir (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "初期値: /tmp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "krb5_ccname_template (文字列)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "%u" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "ログイン名" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "%U" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "ログイン UID" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "%p" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "プリンシパル名" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "%r" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "レルム名" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 +msgid "%h" +msgstr "%h" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108 +msgid "home directory" +msgstr "ホームディレクトリー" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "%d" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:27 +msgid "%P" +msgstr "%P" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "SSSD クライアントのプロセス ID" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:45 +msgid "%%" +msgstr "%%" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:46 +msgid "a literal '%'" +msgstr "文字 '%'" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_auth_timeout (integer)" +msgstr "krb5_auth_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" +"オンライン認証またはパスワード変更要求が中止された後の秒単位のタイムアウトで" +"す。可能ならば、認証要求がオフラインで継続されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:257 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:272 +msgid "krb5_keytab (string)" +msgstr "krb5_keytab (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:275 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" +"KDC から取得したクレディンシャルを検証するときに使用されるキーテーブルの場所" +"です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:279 +msgid "Default: /etc/krb5.keytab" +msgstr "初期値: /etc/krb5.keytab" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:285 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "krb5_store_password_if_offline (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:288 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:293 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:306 +msgid "krb5_renewable_lifetime (string)" +msgstr "krb5_renewable_lifetime (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:309 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "秒は <emphasis>s</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:351 sssd-krb5.5.xml:388 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "分は <emphasis>m</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:320 sssd-krb5.5.xml:354 sssd-krb5.5.xml:391 +msgid "<emphasis>h</emphasis> for hours" +msgstr "時間は <emphasis>h</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:323 sssd-krb5.5.xml:357 sssd-krb5.5.xml:394 +msgid "<emphasis>d</emphasis> for days." +msgstr "日は <emphasis>d</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:326 sssd-krb5.5.xml:397 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "単位が指定されていないと、<emphasis>s</emphasis> と仮定されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:330 sssd-krb5.5.xml:401 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" +"注: 単位を混在できないことに注意してください。更新可能な生存期間を1時間30分に" +"指定したい場合、'1h30m' の代わりに '90m' を使用します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:335 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "初期値: 設定されません、つまり TGT は更新可能ではありません" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:341 +msgid "krb5_lifetime (string)" +msgstr "krb5_lifetime (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:344 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:360 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "単位が指定されていないと、<emphasis>s</emphasis> と仮定されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:364 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" +"注: 単位を混在できないことに注意してください。更新可能な生存期間を1時間30分に" +"指定したい場合、'1h30m' の代わりに '90m' を使用してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:369 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" +"初期値: 設定されません、つまり KDC において設定されているチケット有効期間の初" +"期値です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:376 +msgid "krb5_renew_interval (string)" +msgstr "krb5_renew_interval (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:379 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:406 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" +"このオプションが設定されていない場合、または 0 に設定されている場合、自動更新" +"は無効になります。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:424 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" +"<emphasis>never</emphasis> は FAST を使用します。このオプションを何も設定しな" +"いことと同等です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:428 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" +"<emphasis>try</emphasis> は FAST を使用します。サーバーが FAST をサポートして" +"いなければ、FAST を使用せずに認証を続行します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:438 +msgid "Default: not set, i.e. FAST is not used." +msgstr "初期値: 設定されません、つまり FAST が使用されません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "NOTE: a keytab is required to use FAST." +msgstr "注: キーテーブルは FAST を使用する必要があります。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:453 +msgid "krb5_fast_principal (string)" +msgstr "krb5_fast_principal (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:456 +msgid "Specifies the server principal to use for FAST." +msgstr "FAST に対して使用するサーバープリンシパルを指定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:465 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" +"ホストとユーザーのプリンシパルが正規化されるかどうかを指定します。この機能は " +"MIT Kerberos 1.7 およびそれ以降で利用可能です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:514 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:520 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:523 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:535 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:540 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"認証モジュール krb5 が SSSD ドメインにおいて使用されていると、以下のオプショ" +"ンを使用する必要があります。 SSSD ドメインの設定における詳細は " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> マニュアルページの <quote>ドメインセクション</" +"quote> を参照してください。 <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:566 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" +"以下の例は、SSSD が正しく設定され、FOO が <replaceable>[sssd]</replaceable> " +"セクションにあるドメインの 1 つであると仮定しています。この例は Kerberos 認証" +"の設定のみを示し、識別プロバイダーを何も含みません。" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:574 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 +msgid "sss_groupadd" +msgstr "sss_groupadd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupadd.8.xml:16 +msgid "create a new group" +msgstr "新しいグループを作成する" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupadd.8.xml:21 +msgid "" +"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupadd.8.xml:32 +msgid "" +"<command>sss_groupadd</command> creates a new group. These groups are " +"compatible with POSIX groups, with the additional feature that they can " +"contain other groups as members." +msgstr "" +"<command>sss_groupadd</command> が新しいグループを作成します。これらのグルー" +"プは POSIX グループと互換性があり、他のグループをメンバーとして含められる追加" +"機能と互換性があります。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupadd.8.xml:43 sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupadd.8.xml:48 +msgid "" +"Set the GID of the group to the value of <replaceable>GID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" +"グループの GID を <replaceable>GID</replaceable> の値に設定します。与えられな" +"いと、自動的に選択されます。" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_userdel.8.xml:10 sss_userdel.8.xml:15 +msgid "sss_userdel" +msgstr "sss_userdel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_userdel.8.xml:16 +msgid "delete a user account" +msgstr "ユーザーアカウントを削除する" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_userdel.8.xml:21 +msgid "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_userdel.8.xml:32 +msgid "" +"<command>sss_userdel</command> deletes a user identified by login name " +"<replaceable>LOGIN</replaceable> from the system." +msgstr "" +"<command>sss_userdel</command> はログイン名 <replaceable>LOGIN</replaceable> " +"により識別されるユーザーをシステムから削除します。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:44 +msgid "<option>-r</option>,<option>--remove</option>" +msgstr "<option>-r</option>,<option>--remove</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:48 +msgid "" +"Files in the user's home directory will be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" +"ユーザーのホームディレクトリーにあるファイルは、それ自身のホームディレクト" +"リーとユーザーのメールスプールとともに削除されます。設定が上書きされます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:56 +msgid "<option>-R</option>,<option>--no-remove</option>" +msgstr "<option>-R</option>,<option>--no-remove</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:60 +msgid "" +"Files in the user's home directory will NOT be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" +"ユーザーのホームディレクトリーにあるファイルは、それ自身のホームディレクト" +"リーとユーザーのメールスプールとともに削除されません。設定が上書きされます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:68 +msgid "<option>-f</option>,<option>--force</option>" +msgstr "<option>-f</option>,<option>--force</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:72 +msgid "" +"This option forces <command>sss_userdel</command> to remove the user's home " +"directory and mail spool, even if they are not owned by the specified user." +msgstr "" +"このオプションは、指定されたユーザーにより所有されていないものさえ、" +"<command>sss_userdel</command> がユーザーのホームディレクトリーとメールスプー" +"ルを削除するよう強制します。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:80 +msgid "<option>-k</option>,<option>--kick</option>" +msgstr "<option>-k</option>,<option>--kick</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:84 +msgid "Before actually deleting the user, terminate all his processes." +msgstr "実際にユーザーを削除する前に、そのプロセスをすべて停止します。" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 +msgid "sss_groupdel" +msgstr "sss_groupdel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupdel.8.xml:16 +msgid "delete a group" +msgstr "グループを削除する" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupdel.8.xml:21 +msgid "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupdel.8.xml:32 +msgid "" +"<command>sss_groupdel</command> deletes a group identified by its name " +"<replaceable>GROUP</replaceable> from the system." +msgstr "" +"<command>sss_groupdel</command> は名前 <replaceable>GROUP</replaceable> によ" +"り識別されるグループをシステムから削除します。" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 +msgid "sss_groupshow" +msgstr "sss_groupshow" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupshow.8.xml:16 +msgid "print properties of a group" +msgstr "グループのプロパティーを表示します" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupshow.8.xml:21 +msgid "" +"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupshow.8.xml:32 +msgid "" +"<command>sss_groupshow</command> displays information about a group " +"identified by its name <replaceable>GROUP</replaceable>. The information " +"includes the group ID number, members of the group and the parent group." +msgstr "" +"<command>sss_groupshow</command> はその名前 <replaceable>GROUP</replaceable> " +"により識別されるグループに関する情報を表示します。情報はグループ ID 番号、グ" +"ループのメンバーおよび親グループを含みます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupshow.8.xml:43 +msgid "<option>-R</option>,<option>--recursive</option>" +msgstr "<option>-R</option>,<option>--recursive</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupshow.8.xml:47 +msgid "" +"Also print indirect group members in a tree-like hierarchy. Note that this " +"also affects printing parent groups - without <option>R</option>, only the " +"direct parent will be printed." +msgstr "" +"ツリー階層形式で間接的なグループメンバーも表示します。これは親グループの表示" +"にも影響を与えることに注意してください - <option>R</option> を指定しないと、" +"直接の親のみが表示されます。" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_usermod.8.xml:10 sss_usermod.8.xml:15 +msgid "sss_usermod" +msgstr "sss_usermod" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_usermod.8.xml:16 +msgid "modify a user account" +msgstr "ユーザーアカウントを修正します" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_usermod.8.xml:21 +msgid "" +"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" +"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_usermod.8.xml:32 +msgid "" +"<command>sss_usermod</command> modifies the account specified by " +"<replaceable>LOGIN</replaceable> to reflect the changes that are specified " +"on the command line." +msgstr "" +"<command>sss_usermod</command> は、コマンドラインにおいて指定された変更を反映" +"するために、 <replaceable>LOGIN</replaceable> により指定されたアカウントを変" +"更します。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:60 +msgid "The home directory of the user account." +msgstr "ユーザーアカウントのホームディレクトリーです。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:71 +msgid "The user's login shell." +msgstr "ユーザーのログインシェルです。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:82 +msgid "" +"Append this user to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" +"このユーザーを <replaceable>GROUPS</replaceable> パラメーターにより指定された" +"グループに追加します。 <replaceable>GROUPS</replaceable> パラメーターはグルー" +"プ名のカンマ区切り一覧です。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:96 +msgid "" +"Remove this user from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "<replaceable>GROUPS</replaceable> " + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:103 +msgid "<option>-l</option>,<option>--lock</option>" +msgstr "<option>-l</option>,<option>--lock</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:107 +msgid "Lock the user account. The user won't be able to log in." +msgstr "ユーザーアカウントをロックします。ユーザーはログインできなくなります。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:114 +msgid "<option>-u</option>,<option>--unlock</option>" +msgstr "<option>-u</option>,<option>--unlock</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:118 +msgid "Unlock the user account." +msgstr "ユーザーアカウントのロックを解除します。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:129 +msgid "The SELinux user for the user's login." +msgstr "ユーザーのログインのための SELinux ユーザーです。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:135 +msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:140 +msgid "Add an attribute/value pair. The format is attrname=value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:147 +msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:152 +msgid "" +"Set an attribute to a name/value pair. The format is attrname=value. For " +"multi-valued attributes, the command replaces the values already present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:160 +msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:165 +msgid "Delete an attribute/value pair. The format is attrname=value." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "sss_cache" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "キャッシュクリーンアップを実行する" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online." +msgstr "" +"<command>sss_cache</command> は SSSD キャッシュにあるレコードを無効にします。" +"無効化されたレコードは、関連する SSSD バックエンドがオンラインになるとすぐ" +"に、サーバーから強制的に再読み込みされます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:42 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "<option>-E</option>,<option>--everything</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:46 +msgid "Invalidate all cached entries except for sudo rules." +msgstr "sudo ルール以外のすべてのキャッシュ項目を無効化します。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:52 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:57 +msgid "Invalidate specific user." +msgstr "特定のユーザーを無効にします。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:63 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "<option>-U</option>,<option>--users</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:67 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" +"すべてのユーザーレコードを無効にします。このオプションも設定されていると、こ" +"れが特定のユーザーの無効化を上書きします。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:74 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:79 +msgid "Invalidate specific group." +msgstr "特定のグループを無効にします。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:85 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "<option>-G</option>,<option>--groups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:89 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" +"すべてのグループレコードを無効にします。このオプションも設定されていると、こ" +"れが特定のグループの無効化を上書きします。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:96 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:101 +msgid "Invalidate specific netgroup." +msgstr "特定のネットワークグループを無効にします。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:107 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "<option>-N</option>,<option>--netgroups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:111 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" +"すべてのネットワークグループレコードを無効にします。このオプションが設定され" +"ていると、これが特定のネットワークグループの無効化を上書きします。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:118 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:123 +msgid "Invalidate specific service." +msgstr "特定のサービスを無効化します。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:129 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "<option>-S</option>,<option>--services</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:133 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" +"すべてのサービスレコードを無効にします。このオプションも設定されていると、こ" +"れが特定のサービスの無効化を上書きします。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:140 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:145 +msgid "Invalidate specific autofs maps." +msgstr "特定の autofs マップを無効化します。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:151 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "<option>-A</option>,<option>--autofs-maps</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:155 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" +"すべての autofs マップを無効化します。このオプションは特定のマップが設定され" +"ていても、その無効化を上書きします。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:162 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:167 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:173 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:177 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:185 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:190 +msgid "Restrict invalidation process only to a particular domain." +msgstr "無効化プロセスを特定のドメインのみに制限します。" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "sss_debuglevel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "change debug level while SSSD is running" +msgstr "SSSD が実行中にデバッグレベルを変更する" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> changes debug level of SSSD monitor and " +"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " +"running." +msgstr "" +"<command>sss_debuglevel</command> は SSSD が実行中に SSSD モニターとプロバイ" +"ダーのデバッグレベルを <replaceable>NEW_DEBUG_LEVEL</replaceable> に変更しま" +"す。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_debuglevel.8.xml:59 +msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" +msgstr "<replaceable>NEW_DEBUG_LEVEL</replaceable>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "sss_seed" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "ユーザーの UID を <replaceable>UID</replaceable> に設定します。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "ユーザーの GID を <replaceable>GID</replaceable> に設定します。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" +"ユーザーのホームディレクトリーを <replaceable>HOME_DIR</replaceable> に設定し" +"ます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:46 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:53 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:59 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:63 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:77 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:91 +msgid "name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:92 +msgid "user's login name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:95 +msgid "uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:96 +msgid "user ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:99 +msgid "gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:100 +msgid "primary group ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:103 +msgid "gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:104 +msgid "user information, typically full name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:81 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:125 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:117 +msgid "" +"It is possible to add another attribute to this set by using <quote>" +"+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:129 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:139 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:144 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "関連項目" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "sss_ssh_authorizedkeys" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "1" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "OpenSSH 認可キーを取得する" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" +"<command>sss_ssh_authorizedkeys</command> はユーザー <replaceable>USER</" +"replaceable> の SSH 公開鍵を取得して、 OpenSSH authorized_keys 形式に出力しま" +"す (詳細は <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> の <quote>AUTHORIZED_KEYS FILE FORMAT</quote> セク" +"ションを参照してください)。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" +"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> options." +msgstr "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> は、 <quote>AuthorizedKeysCommand</quote> または " +"<quote>PubkeyAgent</quote> <citerefentry> <refentrytitle>sshd_config</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> オプションのサポート付" +"きでコンパイルされていると、公開鍵ユーザー認証のために " +"<command>sss_ssh_authorizedkeys</command> を使用するために設定できます。" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:58 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:51 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:70 +#, no-wrap +msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" +msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:63 +msgid "" +"If <quote>PubkeyAgent</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by using the following directive " +"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" +"<quote>PubkeyAgent</quote> がサポートされていると、 " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> は <citerefentry> <refentrytitle>sshd</refentrytitle> " +"<manvolnum>8</manvolnum></citerefentry> 設定に以下のディレクティブを置くこと" +"により、これを使用するために設定できます: <placeholder type=\"programlisting" +"\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:85 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" +"SSSD ドメイン <replaceable>DOMAIN</replaceable> にあるユーザーの公開鍵を検索" +"します。" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92 +msgid "EXIT STATUS" +msgstr "終了コード" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "sss_ssh_knownhostsproxy" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "OpenSSH ホストキーを取得します" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and estabilishes connection to the host." +msgstr "" +"<command>sss_ssh_knownhostsproxy</command> はホスト <replaceable>HOST</" +"replaceable> の SSH ホスト鍵を取得して、個別の OpenSSH known_hosts ファイル " +"(詳細は <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> の <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> セク" +"ションを参照してください) <filename>/var/lib/sss/pubconf/known_hosts</" +"filename> に保存して、ホストへの接続を確立します。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" +"<replaceable>PROXY_COMMAND</replaceable> が指定されていると、ソケットを開く代" +"わりにホストへの接続を作成するために使用されます。" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> は <citerefentry><refentrytitle>ssh</refentrytitle> " +"<manvolnum>1</manvolnum></citerefentry> 設定に対して以下のディレクティブを使" +"用することにより、ホストキー認証に <command>sss_ssh_knownhostsproxy</" +"command> を使用するために設定できます: <placeholder type=\"programlisting\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" +"ホストに接続するためにポート <replaceable>PORT</replaceable> を使用します。初" +"期値ではポート 22 が使用されます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" +"SSSD ドメイン <replaceable>DOMAIN</replaceable> においてホスト公開鍵を検索し" +"ます。" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "サービス探索" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "設定" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" +"何もサーバーが指定されていなければ、バックエンドがサーバーを見つけようとする" +"ために、サービス探索を自動的に使用します。オプションとして、サーバーの一覧に" +"特別なキーワード <quote>_srv_</quote> を挿入することにより、ユーザーが固定" +"サーバーアドレスおよびサービス探索のどちらも使用することを選択できます。これ" +"は設定の順番が維持されます。たとえば、ユーザーができる限りサービス探索を使用" +"し、DNS を使用してサーバーを探索できないときに特定のサーバーにフォールバック" +"したい場合、この機能は有用です。" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "ドメイン名" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" +"詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> マニュアルページにある " +"<quote>dns_discovery_domain</quote> パラメーターを参照してください。" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "プロトコル" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" +"問い合わせは通常プロトコルとして _tcp を指定します。その他はそれぞれのオプ" +"ションの説明にドキュメント化されています。" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "関連項目" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "サービス検索メカニズムに関する詳細は RFC 2782 を参照してください。" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "フェイルオーバー" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "フェイルオーバーの構文" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" +"サーバーの一覧がカンマ区切り一覧として与えられます。カンマの前後で空白はいく" +"つでも許されます。サーバーは性能の順番で一覧化されます。一覧はサーバーをいく" +"つでも含められます。" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "フェイルオーバーのメカニズム" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "ID マッピング" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "マッピング・アルゴリズム" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "最小の設定 (<quote>[domain/DOMAINNAME]</quote> セクションにおいて):" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 10,001 and going up to " +"2,000,100,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "高度な設定" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "ldap_idmap_range_min (整数)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" +"Active Directory ユーザーとグループの SID をマッピングするために使用する " +"POSIX ID の範囲の下限を指定します。" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:127 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191 +msgid "Default: 200000" +msgstr "初期値: 200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:142 +msgid "ldap_idmap_range_max (integer)" +msgstr "ldap_idmap_range_max (整数)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:145 +msgid "" +"Specifies the upper bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" +"Active Directory ユーザーとグループ SID をマッピングするために使用する POSIX " +"ID の範囲の上限を指定します。" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:149 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:159 +msgid "Default: 2000200000" +msgstr "初期値: 2000200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:164 +msgid "ldap_idmap_range_size (integer)" +msgstr "ldap_idmap_range_size (整数)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:167 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" +"各スライスに利用可能な ID 番号を指定します。範囲の大きさが最小値、最大値の中" +"にうまく分けられなければ、できる限り多くの完全なスライスとして作成されます。" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:186 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:196 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "ldap_idmap_default_domain_sid (文字列)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:199 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:210 +msgid "ldap_idmap_default_domain (string)" +msgstr "ldap_idmap_default_domain (文字列)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:213 +msgid "Specify the name of the default domain." +msgstr "初期ドメインの名前を指定します。" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:221 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "ldap_idmap_autorid_compat (論理値)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:224 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" +"winbind の <quote>idmap_autorid</quote> アルゴリズムとより同じように振る舞う" +"ために ID マッピングのアルゴリズムの振る舞いを変更します。" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:229 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monatomically with each additional domain." +msgstr "" +"このオプションが設定されるとき、ドメインはスライス 0 から始まり、各追加ドメイ" +"ンに単原子的に増加するよう割り当てられます。" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:234 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" +"注記: このアルゴリズムは非決定的です (ユーザーとグループが要求された順番に依" +"存します)。このモードはマシンが実行中の winbind と互換性が必要ならば、少なく" +"とも一つのドメインが一貫してスライス 0 に割り当てられることを保証するために、" +"<quote>ldap_idmap_default_domain_sid</quote> オプションも使用することが推奨さ" +"れます。" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:249 +#, fuzzy +#| msgid "ldap_idmap_range_size (integer)" +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "ldap_idmap_range_size (整数)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:252 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:256 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:273 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:275 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:284 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:285 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:286 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:287 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:288 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:289 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:291 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:295 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT " +"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain " +"names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "<option>-?</option>,<option>--help</option>" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "ヘルプメッセージを表示して終了します。" + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "<option>-h</option>,<option>--help</option>" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 +msgid "Currently supported debug levels:" +msgstr "現在サポートされるデバッグレベル:" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill the SSSD, but one that indicates that at least one " +"major feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:85 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" +"<emphasis>例</emphasis>: 致命的なエラー、重大なエラー、深刻なエラーおよび関数" +"データをログに取得するには 0x0270 を使用します。" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:89 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" +"<emphasis>例</emphasis>: 致命的なエラー、設定値の設定、関数データ、内部制御関" +"数のトレースメッセージをログに取得するには 0x1310 を使用します。" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:94 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:98 +msgid "<emphasis>Default</emphasis>: 0" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/experimental.xml:1 +msgid "" +"<emphasis> This is an experimental feature, please use http://fedorahosted." +"org/sssd to report any issues. </emphasis>" +msgstr "" +"<emphasis> これは実験的な機能です、何らかの問題を報告するには http://" +"fedorahosted.org/sssd を使用してください。 </emphasis>" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "ローカルドメイン" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " +"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" +"オプションのベース DN。この属性の種別に対する LDAP 検索を制限する、検索範囲お" +"よび LDAP フィルター。" + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "構文: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "override_homedir (文字列)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "UID 番号" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "ドメイン名" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "%f" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "完全修飾ユーザー名 (user@domain)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:31 +msgid "%o" +msgstr "%o" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:33 +msgid "The original home directory retrieved from the identity provider." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:38 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:40 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"ユーザーのホームディレクトリーを上書きします。絶対パスまたはテンプレートを提" +"供できます。テンプレートでは、以下のシーケンスが置換されます: <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:52 +msgid "This option can also be set per-domain." +msgstr "このオプションはドメインごとに設定できます。" + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:57 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" +"override_homedir = /home/%u\n" +" " + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:61 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "初期値: 設定なし (SSSD は LDAP から取得された値を使用します)" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "" + +#~ msgid "" +#~ "Please note that the default values correspond to the default schema " +#~ "which is RFC2307." +#~ msgstr "初期値は RFC2307 の標準スキーマに対応することに注意してください。" + +#~ msgid "Default: ou" +#~ msgstr "初期値: ou" --- sssd-1.13.4.orig/src/man/po/lv.po +++ sssd-1.13.4/src/man/po/lv.po @@ -0,0 +1,11326 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# Kristaps, 2012 +# Kristaps, 2012 +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 1.12.90\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2016-04-13 16:30+0200\n" +"PO-Revision-Date: 2014-06-04 02:04-0400\n" +"Last-Translator: jhrozek <jhrozek@redhat.com>\n" +"Language-Team: Latvian (http://www.transifex.com/projects/p/sssd/language/" +"lv/)\n" +"Language: lv\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 : " +"2);\n" +"X-Generator: Zanata 3.8.3\n" + +#. type: Content of: <reference><title> +#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 +#: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 +#: sss_override.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5 +#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 +#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5 +#: sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 +msgid "SSSD Manual pages" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 +msgid "sss_groupmod" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11 +#: sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupmod.8.xml:16 +msgid "modify a group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupmod.8.xml:21 +msgid "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 +#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 +#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 +#: sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 +#: sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 +#: sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21 +#: sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31 +msgid "DESCRIPTION" +msgstr "APRAKSTS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupmod.8.xml:32 +msgid "" +"<command>sss_groupmod</command> modifies the group to reflect the changes " +"that are specified on the command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 +#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 +#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 +#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "IESPĒJAS" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 +msgid "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:48 +msgid "" +"Append this group to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 +msgid "" +"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:62 +msgid "" +"Remove this group from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:10 sssd.conf.5.xml:16 +msgid "sssd.conf" +msgstr "sssd.conf" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 +#: sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 +#: sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +msgid "File Formats and Conventions" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:17 +msgid "the configuration file for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:21 +msgid "FILE FORMAT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:29 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:24 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:36 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:41 +msgid "" +"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:47 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:53 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:59 +msgid "GENERAL OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:61 +msgid "Following options are usable in more than one configuration sections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:65 +msgid "Options usable in all sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:69 +msgid "debug_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:73 +msgid "debug_timestamps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:76 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:81 sssd.conf.5.xml:634 sssd.conf.5.xml:1139 +#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464 +#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272 +#: sssd-ad.5.xml:799 sssd-ad.5.xml:918 sssd-krb5.5.xml:499 +msgid "Default: true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:86 +msgid "debug_microseconds (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:89 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:94 sssd.conf.5.xml:1093 sssd.conf.5.xml:2231 +#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558 +#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139 +#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266 +#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 +msgid "Default: false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2189 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:103 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:107 +msgid "timeout (integer)" +msgstr "noildze (vesels skaitlis)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:110 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:115 sssd.conf.5.xml:1057 sssd-ldap.5.xml:1410 +#: include/ldap_id_mapping.xml:264 +msgid "Default: 10" +msgstr "Noklusējuma: 10" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:125 +msgid "SPECIAL SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:128 +msgid "The [sssd] section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:137 sssd.conf.5.xml:2339 +msgid "Section parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:139 +msgid "config_file_version (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:142 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:148 +msgid "services" +msgstr "pakalpojumi" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:151 +msgid "" +"Comma separated list of services that are started when sssd itself starts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:155 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" +"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" +"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:165 sssd.conf.5.xml:419 +msgid "reconnection_retries (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:168 sssd.conf.5.xml:422 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:173 sssd.conf.5.xml:427 +msgid "Default: 3" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:178 +msgid "domains" +msgstr "domēni" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:181 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter described the list of domains in the order you want " +"them to be queried. A domain name should only consist of alphanumeric ASCII " +"characters, dashes, dots and underscores." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:193 sssd.conf.5.xml:2014 +msgid "re_expression (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:201 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN " +"SECTIONS for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:210 sssd.conf.5.xml:2065 +msgid "full_name_format (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:213 sssd.conf.5.xml:2068 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:224 sssd.conf.5.xml:2079 +msgid "%1$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:225 sssd.conf.5.xml:2080 +msgid "user name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:228 sssd.conf.5.xml:2083 +msgid "%2$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:231 sssd.conf.5.xml:2086 +msgid "domain name as specified in the SSSD config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:237 sssd.conf.5.xml:2092 +msgid "%3$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:240 sssd.conf.5.xml:2095 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:221 sssd.conf.5.xml:2076 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:250 +msgid "" +"Each domain can have an individual format string configured. see DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:256 +msgid "try_inotify (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:259 +msgid "" +"SSSD monitors the state of resolv.conf to identify when it needs to update " +"its internal DNS resolver. By default, we will attempt to use inotify for " +"this, and will fall back to polling resolv.conf every five seconds if " +"inotify cannot be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:267 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:273 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:277 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:284 +msgid "krb5_rcache_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:287 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:291 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:297 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:312 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:317 +msgid "default_domain_suffix (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:320 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:330 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498 +#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:609 +#: sssd-ad.5.xml:679 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550 +#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216 +msgid "Default: not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:344 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:347 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:356 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:364 +msgid "Default: not set (spaces will not be replaced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:369 +msgid "certificate_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:377 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:379 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:389 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "Default: not set, i.e. do not restrict certificate vertification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:130 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:404 +msgid "SERVICES SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:406 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:413 +msgid "General service configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:415 +msgid "These options can be used to configure any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:432 +msgid "fd_limit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:435 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:444 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:449 +msgid "client_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:452 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:459 sssd.conf.5.xml:475 sssd.conf.5.xml:507 +#: sssd.conf.5.xml:765 sssd.conf.5.xml:957 sssd.conf.5.xml:1347 +#: sssd-ldap.5.xml:1237 +msgid "Default: 60" +msgstr "Noklusējuma: 60" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:464 sssd.conf.5.xml:1336 +msgid "force_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:467 sssd.conf.5.xml:1339 +msgid "" +"If a service is not responding to ping checks (see the <quote>timeout</" +"quote> option), it is first sent the SIGTERM signal that instructs it to " +"quit gracefully. If the service does not terminate after " +"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " +"by sending a SIGKILL signal." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:480 +msgid "offline_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:483 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. This " +"value is in seconds and calculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:490 +msgid "offline_timeout + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "" +"The random offset can increment up to 30 seconds. After each unsuccessful " +"attempt to go online, the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:498 +msgid "new_interval = old_interval*2 + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"Note that the maximum length of each interval is currently limited to one " +"hour. If the calculated length of new_interval is greater than an hour, it " +"will be forced to one hour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:512 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:515 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:521 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:524 +msgid "ldap_purge_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:527 sssd-ldap.5.xml:1054 +msgid "ldap_use_tokengroups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "ldap_user_principal" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:535 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:533 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:539 sssd.conf.5.xml:1001 sssd.conf.5.xml:1026 +#: sssd.conf.5.xml:1045 sssd.conf.5.xml:1330 sssd-ldap.5.xml:1793 +msgid "Default: none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:547 +msgid "NSS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:549 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "enum_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:557 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:561 +msgid "Default: 120" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:566 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:569 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:575 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:585 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:593 +msgid "Default: 50" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:598 +msgid "entry_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:601 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:607 sssd.conf.5.xml:1117 +msgid "Default: 15" +msgstr "Noklusējuma: 15" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:612 +msgid "filter_users, filter_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:615 +msgid "" +"Exclude certain users from being fetched from the sss NSS database. This is " +"particularly useful for system accounts. This option can also be set per-" +"domain or include fully-qualified names to filter only users from the " +"particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:622 +msgid "Default: root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:627 +msgid "filter_users_in_groups (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:630 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:641 +msgid "fallback_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:644 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:649 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:655 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:653 sssd.conf.5.xml:1020 sssd.conf.5.xml:1039 +#: sssd-krb5.5.xml:533 include/override_homedir.xml:55 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:659 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:665 +msgid "override_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:668 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:674 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:680 +msgid "allowed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:683 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:686 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:690 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:695 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:703 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:710 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:713 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:717 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:722 +msgid "vetoed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:725 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:730 +msgid "shell_fallback (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:733 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "Default: /bin/sh" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +msgid "default_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:745 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:751 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:758 sssd.conf.5.xml:950 +msgid "get_domains_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:761 sssd.conf.5.xml:953 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:770 +msgid "memcache_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:773 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:777 sssd-ldap.5.xml:706 +msgid "Default: 300" +msgstr "Noklusējuma: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:780 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:788 sssd-ifp.5.xml:74 +msgid "user_attributes (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:791 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:804 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:816 +msgid "PAM configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:818 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:823 +msgid "offline_credentials_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:831 sssd.conf.5.xml:844 +msgid "Default: 0 (No limit)" +msgstr "Noklusējuma: 0 (bez ierobežojuma)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:837 +msgid "offline_failed_login_attempts (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:840 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:850 +msgid "offline_failed_login_delay (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:853 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:864 sssd.conf.5.xml:917 +msgid "Default: 5" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:870 +msgid "pam_verbosity (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:873 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "Currently sssd supports the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:881 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:888 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:891 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:895 sssd.8.xml:63 +msgid "Default: 1" +msgstr "Noklusējuma: 1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:900 +msgid "pam_id_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:903 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:923 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:926 sssd.conf.5.xml:1550 +msgid "Display a warning N days before the password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:929 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:935 sssd.conf.5.xml:1553 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:940 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 sssd.conf.5.xml:2291 sssd.8.xml:79 +msgid "Default: 0" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:962 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:965 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAM responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:971 +msgid "Default: all (All users are allowed to access the PAM responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:975 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:982 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:985 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:989 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:993 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:997 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1006 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1009 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbostiy is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1022 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1031 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1041 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1050 +#, fuzzy +#| msgid "timeout (integer)" +msgid "p11_child_timeout (integer)" +msgstr "noildze (vesels skaitlis)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1053 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1066 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1068 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1085 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1088 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1101 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1103 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1107 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1126 +msgid "SSH configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1128 +msgid "These options can be used to configure the SSH service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1132 +msgid "ssh_hash_known_hosts (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1135 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1144 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1147 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1151 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1156 +msgid "ca_db (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1159 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1164 +#, fuzzy +#| msgid "Default: /etc/krb5.keytab" +msgid "Default: /etc/pki/nssdb" +msgstr "Noklusējuma: /etc/krb5.keytab" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1172 +msgid "PAC responder configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1174 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. " +"If the PAC is decoded and evaluated some of the following operations are " +"done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1183 +msgid "" +"If the remote user does not exist in the cache, it is created. The uid is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"gid will have the same value as the uid. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1191 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1197 +msgid "These options can be used to configure the PAC responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1201 sssd-ifp.5.xml:50 +msgid "allowed_uids (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1204 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1210 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1214 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:1228 +msgid "DOMAIN SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1235 +msgid "min_id,max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1238 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1250 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1254 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1260 +msgid "enumerate (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1263 +msgid "" +"Determines if a domain can be enumerated. This parameter can have one of the " +"following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1267 +msgid "TRUE = Users and groups are enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1270 +msgid "FALSE = No enumerations for this domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1273 sssd.conf.5.xml:1505 sssd.conf.5.xml:1672 +msgid "Default: FALSE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1276 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1289 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1294 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1302 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1310 +msgid "subdomain_enumerate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1317 +msgid "all" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1318 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1321 +msgid "none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1322 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1313 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1353 +msgid "entry_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1356 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1360 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1373 +msgid "Default: 5400" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1379 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1382 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1386 sssd.conf.5.xml:1399 sssd.conf.5.xml:1412 +#: sssd.conf.5.xml:1425 sssd.conf.5.xml:1438 sssd.conf.5.xml:1452 +#: sssd.conf.5.xml:1466 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1392 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1395 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1405 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1408 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1418 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1421 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1431 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1444 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1447 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1458 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1472 +msgid "refresh_expired_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1475 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1480 +msgid "" +"The background refresh will process users, groups and netgroups in the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1484 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1488 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227 +msgid "Default: 0 (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1494 +msgid "cache_credentials (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1497 +msgid "Determines if user credentials are also cached in the local LDB cache" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1501 +msgid "User credentials are stored in a SHA512 hash, not in plaintext" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1511 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1514 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1521 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1526 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1532 +msgid "account_cache_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1535 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1542 +msgid "Default: 0 (unlimited)" +msgstr "Noklusējuma: 0 (neierobežots)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1547 +msgid "pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1558 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1565 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1571 +msgid "id_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1574 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1578 +msgid "<quote>proxy</quote>: Support a legacy NSS provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1581 sssd.conf.5.xml:1718 +msgid "<quote>local</quote>: SSSD internal provider for local users" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1585 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1593 sssd.conf.5.xml:1698 sssd.conf.5.xml:1753 +#: sssd.conf.5.xml:1806 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"FreeIPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 sssd.conf.5.xml:1707 sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1815 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "use_fully_qualified_names (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1621 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1629 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1636 +msgid "Default: FALSE (TRUE if default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1642 +msgid "ignore_group_members (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "Do not return group members for group lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1648 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1666 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1677 +msgid "auth_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1680 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 sssd.conf.5.xml:1746 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1691 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1715 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1722 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1725 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1731 +msgid "access_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1734 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1740 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1743 +msgid "<quote>deny</quote> always deny access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1770 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1777 +msgid "Default: <quote>permit</quote>" +msgstr "Noklusējuma: <quote>atļaut</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1782 +msgid "chpass_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1785 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1790 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1798 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1823 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1827 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1830 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1837 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1840 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1844 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1852 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1856 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1860 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1863 sssd.conf.5.xml:1941 sssd.conf.5.xml:1982 +#: sssd.conf.5.xml:2007 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1867 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1884 +msgid "selinux_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1887 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1893 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1901 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1904 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1910 +msgid "subdomains_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1913 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1919 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1928 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1937 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1948 +msgid "autofs_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1951 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1955 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1970 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1979 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1989 +msgid "hostid_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1992 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1996 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2004 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2017 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +"P<name>[^@\\\\]+)$))</quote> which allows three different styles for " +"user names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2031 +msgid "username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2034 +msgid "username@domain.name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "domain\\username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2045 +msgid "" +"Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +"which translates to \"the name is everything up to the <quote>@</quote> " +"sign, the domain everything after that\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2051 +msgid "" +"PLEASE NOTE: the support for non-unique named subpatterns is not available " +"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " +"version 7 or higher can support non-unique named subpatterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2058 +msgid "" +"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" +"P<name>) to label subpatterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2105 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "Noklusējuma: <quote>%1$s@%2$s</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2111 +msgid "lookup_family_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2114 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2118 +msgid "Supported values:" +msgstr "Atbalstītās vērtības:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2121 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2124 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2127 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2130 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2133 +msgid "Default: ipv4_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2139 +msgid "dns_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2142 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the DNS " +"resolver before assuming that it is unreachable. If this timeout is reached, " +"the domain will continue to operate in offline mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2148 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263 +#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248 +msgid "Default: 6" +msgstr "Noklusējuma: 6" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2154 +msgid "dns_discovery_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2157 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2161 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2167 +msgid "override_gid (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2170 +msgid "Override the primary GID value with the one specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2176 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2184 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2187 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2193 +msgid "False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2195 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2199 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2202 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2179 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2214 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2220 +msgid "proxy_fast_alias (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2223 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2237 +msgid "subdomain_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2248 +msgid "%F" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2249 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2240 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2254 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2258 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2263 +msgid "realmd_tags (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2266 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2272 +#, fuzzy +#| msgid "timeout (integer)" +msgid "cached_auth_timeout (int)" +msgstr "noildze (vesels skaitlis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2275 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2281 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2285 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1230 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2303 +msgid "proxy_pam_target (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2306 +msgid "The proxy target PAM proxies to." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2309 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2317 +msgid "proxy_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2320 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2299 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" id=" +"\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2332 +msgid "The local domain section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2334 +msgid "" +"This section contains settings for domain that stores users and groups in " +"SSSD native database, that is, a domain that uses " +"<replaceable>id_provider=local</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2341 +msgid "default_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2344 +msgid "The default shell for users created with SSSD userspace tools." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2348 +msgid "Default: <filename>/bin/bash</filename>" +msgstr "Noklusējuma: <filename>/bin/bash</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2353 +msgid "base_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2356 +msgid "" +"The tools append the login name to <replaceable>base_directory</replaceable> " +"and use that as the home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2361 +msgid "Default: <filename>/home</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2366 +msgid "create_homedir (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2369 +msgid "" +"Indicate if a home directory should be created by default for new users. " +"Can be overridden on command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2373 sssd.conf.5.xml:2385 +msgid "Default: TRUE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2378 +msgid "remove_homedir (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2381 +msgid "" +"Indicate if a home directory should be removed by default for deleted " +"users. Can be overridden on command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2390 +msgid "homedir_umask (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2393 +msgid "" +"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " +"on a newly created home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2401 +msgid "Default: 077" +msgstr "Noklusējuma: 077" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2406 +msgid "skel_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2409 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2419 +msgid "Default: <filename>/etc/skel</filename>" +msgstr "Noklusējuma: <filename>/etc/skel</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2424 +msgid "mail_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2427 +msgid "" +"The mail spool directory. This is needed to manipulate the mailbox when its " +"corresponding user account is modified or deleted. If not specified, a " +"default value is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2434 +msgid "Default: <filename>/var/mail</filename>" +msgstr "Noklusējuma: <filename>/var/mail</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2439 +msgid "userdel_cmd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2442 +msgid "" +"The command that is run after a user is removed. The command us passed the " +"username of the user being removed as the first and only parameter. The " +"return code of the command is not taken into account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2448 +msgid "Default: None, no command is run" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2458 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131 +#: sssd-ipa.5.xml:717 sssd-ad.5.xml:955 sssd-krb5.5.xml:564 +#: sss_rpcidmapd.5.xml:98 +msgid "EXAMPLE" +msgstr "PIEMĒRS" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:2464 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2460 +msgid "" +"The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "sssd-ldap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. If the LDAP server is used only as an identity " +"provider, an encrypted channel is not needed. Please refer to " +"<quote>ldap_access_filter</quote> config option for more information about " +"using LDAP as an access provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 +msgid "CONFIGURATION OPTIONS" +msgstr "KONFIGURĒŠANAS IESPĒJAS" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:60 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:63 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:73 +msgid "ldap[s]://<host>[:port]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:76 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:79 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:85 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:88 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:99 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:105 +msgid "ldap_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:108 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:112 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:116 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220 +#: sss_override.8.xml:135 sss_override.8.xml:232 +msgid "Examples:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:129 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:134 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:137 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:158 +msgid "ldap_schema (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:161 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "Four schema types are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:172 +msgid "rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:177 +msgid "rfc2307bis" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:182 +msgid "IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:187 +msgid "AD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:193 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:203 +msgid "Default: rfc2307" +msgstr "Noklusējuma: rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:209 +msgid "ldap_default_bind_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:212 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:219 +msgid "ldap_default_authtok_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:222 +msgid "The type of the authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:226 +msgid "The two mechanisms currently supported are:" +msgstr "Divi pašlaik atbalstītie mehānismi ir:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:229 +msgid "password" +msgstr "parole" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:232 +msgid "obfuscated_password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:235 +msgid "Default: password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:241 +msgid "ldap_default_authtok (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:244 +msgid "" +"The authentication token of the default bind DN. Only clear text passwords " +"are currently supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:251 +msgid "ldap_user_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:254 +msgid "The object class of a user entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "Default: posixAccount" +msgstr "Noklusējuma: posixAccount" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:263 +msgid "ldap_user_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:266 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:270 +msgid "Default: uid" +msgstr "Noklusējuma: uid" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:276 +msgid "ldap_user_uid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:279 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "Default: uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:289 +msgid "ldap_user_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:292 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:863 +msgid "Default: gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:302 +msgid "ldap_user_gecos (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:305 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:309 +msgid "Default: gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:315 +msgid "ldap_user_home_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:318 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "Default: homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:328 +msgid "ldap_user_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:331 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:335 +msgid "Default: loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:341 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:344 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:889 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:355 +msgid "ldap_user_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:358 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:363 sssd-ldap.5.xml:904 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:370 +msgid "ldap_user_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144 +msgid "Default: modifyTimestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:383 +msgid "ldap_user_shadow_last_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:396 +msgid "Default: shadowLastChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:402 +msgid "ldap_user_shadow_min (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:405 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: shadowMin" +msgstr "Noklusējuma: shadowMin" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_user_shadow_max (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:432 +msgid "Default: shadowMax" +msgstr "Noklusējuma: shadowMax" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:438 +msgid "ldap_user_shadow_warning (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:441 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:451 +msgid "Default: shadowWarning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:457 +msgid "ldap_user_shadow_inactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:460 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:470 +msgid "Default: shadowInactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:476 +msgid "ldap_user_shadow_expire (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:479 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:489 +msgid "Default: shadowExpire" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:495 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:498 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "Default: krbLastPwdChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:510 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:513 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:519 +msgid "Default: krbPasswordExpiration" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:525 +msgid "ldap_user_ad_account_expires (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:528 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:533 +msgid "Default: accountExpires" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:539 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:542 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:547 +msgid "Default: userAccountControl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:553 +msgid "ldap_ns_account_lock (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:556 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:561 +msgid "Default: nsAccountLock" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:567 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:570 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:574 sssd-ldap.5.xml:588 +msgid "Default: loginDisabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:580 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:583 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:602 +msgid "Default: loginAllowedTimeMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:608 +msgid "ldap_user_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:611 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:615 +msgid "Default: krbPrincipalName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:621 +msgid "ldap_user_extra_attrs (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:624 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:629 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:639 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:649 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:652 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:656 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:659 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:669 +msgid "ldap_user_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:672 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:676 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:682 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:685 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:698 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:701 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:712 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:715 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:721 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:736 +msgid "ldap_user_fullname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:739 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590 +msgid "Default: cn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:749 +msgid "ldap_user_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:752 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:756 +msgid "Default: memberOf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:762 +msgid "ldap_user_authorized_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:765 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:772 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:777 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:784 +msgid "Default: authorizedService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:790 +msgid "ldap_user_authorized_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:793 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:799 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:811 +msgid "Default: host" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:817 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:820 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:824 +msgid "Default: no set in the general case, userCertificate;binary for IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:831 +msgid "ldap_group_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:834 +msgid "The object class of a group entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:837 +msgid "Default: posixGroup" +msgstr "Noklusējuma: posixGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:843 +msgid "ldap_group_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:846 +msgid "The LDAP attribute that corresponds to the group name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:856 +msgid "ldap_group_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:859 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:869 +msgid "ldap_group_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:872 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:876 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:882 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:885 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:896 +msgid "ldap_group_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:899 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_group_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:924 +msgid "ldap_group_type (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:927 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:938 +msgid "Default: groupType in the AD provider, othewise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:945 +msgid "ldap_group_external_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:948 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:961 +msgid "ldap_group_nesting_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:964 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:980 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:989 +msgid "Default: 2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:995 +msgid "ldap_groups_use_matching_rule_in_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:998 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which may speed up group lookup operations on deployments with " +"complex or deep nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1004 +msgid "" +"In most common cases, it is best to leave this option disabled. It generally " +"only provides a performance increase on very complex nestings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036 +msgid "" +"If this option is enabled, SSSD will use it if it detects that the server " +"supports it during initial connection. So \"True\" here essentially means " +"\"auto-detect\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042 +msgid "" +"Note: This feature is currently known to work only with Active Directory " +"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" +"windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " +"for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048 sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866 include/ldap_id_mapping.xml:244 +msgid "Default: False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1027 +msgid "ldap_initgroups_use_matching_rule_in_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1030 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which might speed up initgroups operations (most notably when " +"dealing with complex or deep nested groups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1057 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1062 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1068 +msgid "ldap_netgroup_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1071 +msgid "The object class of a netgroup entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1074 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1078 +msgid "Default: nisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1084 +msgid "ldap_netgroup_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1087 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1101 +msgid "ldap_netgroup_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1104 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1108 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "Default: memberNisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1118 +msgid "ldap_netgroup_triple (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1121 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1128 +msgid "Default: nisNetgroupTriple" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1134 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1150 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1153 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1156 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1162 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1165 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1175 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1178 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1182 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1188 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1191 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1201 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1206 +msgid "ldap_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1209 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1215 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1227 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1230 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1243 +msgid "ldap_network_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1246 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1269 +msgid "ldap_opt_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1287 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1290 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1304 +msgid "ldap_page_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1307 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1312 +msgid "Default: 1000" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1318 +msgid "ldap_disable_paging (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1321 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1327 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1333 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1345 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1348 +msgid "Disable Active Directory range retrieval." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1351 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1366 +msgid "ldap_sasl_minssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1369 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1375 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1382 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1391 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1395 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1403 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1416 +msgid "ldap_tls_reqcert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1419 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1425 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1429 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1436 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1442 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1448 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1452 +msgid "Default: hard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1458 +msgid "ldap_tls_cacert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1461 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1473 +msgid "ldap_tls_cacertdir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1476 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1491 +msgid "ldap_tls_cert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1504 +msgid "ldap_tls_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "Specifies the file that contains the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1516 +msgid "ldap_tls_cipher_suite (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1519 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1532 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1535 +msgid "" +"Specifies that the id_provider connection must also use <systemitem class=" +"\"protocol\">tls</systemitem> to protect the channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1545 +msgid "ldap_id_mapping (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1548 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1564 +msgid "ldap_min_id, ldap_max_id (interger)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1567 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1579 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1585 +msgid "ldap_sasl_mech (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1588 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI is tested and " +"supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1598 +msgid "ldap_sasl_authid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1601 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI is used, this " +"represents the Kerberos principal used for authentication to the directory. " +"This option can either contain the full principal (for example host/" +"myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1609 +msgid "Default: host/hostname@REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1615 +msgid "ldap_sasl_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1624 +msgid "Default: the value of krb5_realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1630 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1633 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1638 +msgid "Default: false;" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1644 +msgid "ldap_krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "Specify the keytab to use when using SASL/GSSAPI." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1671 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1674 +msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:849 +msgid "Default: 86400 (24 hours)" +msgstr "Noklusējuma: 86400 (24 stundas)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1719 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462 +msgid "krb5_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1768 +msgid "ldap_pwd_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1781 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1787 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1796 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1804 +msgid "ldap_referrals (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1807 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1811 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1816 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1830 +msgid "ldap_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1833 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 +msgid "Default: ldap" +msgstr "Noklusējuma: ldap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1843 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1846 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1851 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1857 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1872 +msgid "ldap_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1875 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Example:" +msgstr "Piemērs:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1898 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1902 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice-versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972 +msgid "Default: Empty" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_account_expire_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1924 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1928 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1935 +msgid "The following values are allowed:" +msgstr "Atļautas šādas vērtības:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1943 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1950 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1956 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1965 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1978 +msgid "ldap_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1981 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1985 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1988 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1998 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2005 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2022 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2026 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2036 +msgid "" +"The difference between these options is the action taken if user password is " +"expired: pwd_expire_policy_reject - user is denied to log in, " +"pwd_expire_policy_warn - user is still able to log in, " +"pwd_expire_policy_renew - user is prompted to change his password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2044 +msgid "" +"Note If user password is expired no explicit message is prompted by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2048 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2053 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2058 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2062 +msgid "Default: filter" +msgstr "Noklusējuma: filtrēt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2065 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2072 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2075 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2083 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2086 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2092 +msgid "ldap_deref (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2095 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2100 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2104 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2109 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2114 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2119 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2127 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2130 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2134 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2145 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136 +#, fuzzy +#| msgid "timeout (integer)" +msgid "wildcart_limit (integer)" +msgstr "noildze (vesels skaitlis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2160 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2164 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2168 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:51 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2178 +msgid "SUDO OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2180 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2191 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2194 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2197 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2203 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2206 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2216 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2219 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2223 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2229 +msgid "ldap_sudorule_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2232 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2237 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2243 +msgid "ldap_sudorule_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2246 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2250 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2256 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2259 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2263 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2269 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2272 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2276 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2282 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2285 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2289 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2295 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2298 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2302 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2308 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2311 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2316 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2322 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2325 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2329 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2335 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2338 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2343 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2348 +msgid "Default: 21600 (6 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2354 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2357 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest USN " +"of cached rules)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2363 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2373 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2376 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2387 +msgid "ldap_sudo_hostnames (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2390 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2395 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441 +#: sssd-ldap.5.xml:2459 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428 +msgid "Default: not specified" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2411 +msgid "ldap_sudo_ip (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2414 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2419 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2434 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2437 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2452 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2455 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2471 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2481 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2483 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2489 +msgid "ldap_autofs_map_master_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2492 +msgid "The name of the automount master map in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2495 +msgid "Default: auto.master" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2502 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2505 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2508 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2515 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2518 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2521 +msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2529 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2532 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2537 +#, fuzzy +#| msgid "Default: posixAccount" +msgid "Default: automount" +msgstr "Noklusējuma: posixAccount" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2544 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2551 +msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2559 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2566 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2487 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2576 +msgid "ADVANCED OPTIONS" +msgstr "PAPLAŠINĀTĀS IESPĒJAS" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2583 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2588 +msgid "ldap_user_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2593 +msgid "ldap_group_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:2598 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:2600 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no gid mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:2607 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2609 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2614 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2578 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2631 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2637 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:725 sssd-ad.5.xml:963 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 +#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2648 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2650 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2655 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-simple.5.xml:148 sssd-ad.5.xml:978 sssd.8.xml:195 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "PIEZĪMES" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2672 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" + +#. type: Content of: <refentryinfo> +#: pam_sss.8.xml:8 include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - http://" +"fedorahosted.org/sssd</orgname>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:13 pam_sss.8.xml:18 +msgid "pam_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:19 +msgid "PAM module for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:24 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:54 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:64 +msgid "<option>quiet</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:67 +msgid "Suppress log messages for unknown users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:72 +msgid "<option>forward_pass</option>" +msgstr "<option>forward_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:75 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>use_first_pass</option>" +msgstr "<option>use_first_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:93 +msgid "<option>use_authtok</option>" +msgstr "<option>use_authtok</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:96 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>retry=N</option>" +msgstr "<option>retry=N</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:108 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:117 +msgid "<option>ignore_unknown_user</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:120 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:131 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:138 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:142 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:148 +msgid "" +"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> " +"and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:164 +msgid "MODULE TYPES PROVIDED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:165 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:171 +msgid "FILES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:172 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:177 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:187 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " +"libraries what Realm and which KDC to use. Typically this is done in " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> which is always read by the Kerberos libraries. " +"To simplify the configuration the Realm and the KDC can be defined in " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> as described in <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:48 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> puts the Realm and the name or IP address of the KDC into " +"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " +"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " +"libraries it reads and evaluates these variables and returns them to the " +"libraries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:69 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "sssd-simple" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "sssd-ipa" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:78 +msgid "ipa_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:81 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:89 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:92 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:105 +msgid "ipa_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:108 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:116 sssd-ad.5.xml:780 +msgid "dyndns_update (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:119 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA v2 with the IP address of this client. The update is " +"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " +"for the updates, if it is not otherwise specified by using the " +"<quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:128 sssd-ad.5.xml:794 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:133 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:145 sssd-ad.5.xml:805 +msgid "dyndns_ttl (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:148 sssd-ad.5.xml:808 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:153 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Default: 1200 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:165 sssd-ad.5.xml:819 +msgid "dyndns_iface (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 sssd-ad.5.xml:822 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:175 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:185 sssd-ad.5.xml:833 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:191 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160 +msgid "Enables DNS sites - location based service discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example.com" +"\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:217 sssd-ad.5.xml:839 +msgid "dyndns_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:220 sssd-ad.5.xml:842 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:233 sssd-ad.5.xml:855 +msgid "dyndns_update_ptr (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:236 sssd-ad.5.xml:858 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:247 +msgid "Default: False (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:253 sssd-ad.5.xml:869 +msgid "dyndns_force_tcp (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:256 sssd-ad.5.xml:872 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:876 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 sssd-ad.5.xml:882 +msgid "dyndns_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 sssd-ad.5.xml:885 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 sssd-ad.5.xml:890 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:895 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 sssd-ad.5.xml:900 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:290 +msgid "ipa_hbac_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:293 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:297 +msgid "Default: Use base DN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 sssd-ipa.5.xml:329 sssd-ipa.5.xml:348 sssd-ipa.5.xml:367 +#: sssd-ipa.5.xml:386 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ipa.5.xml:315 sssd-ipa.5.xml:334 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:322 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:325 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:341 +msgid "ipa_subdomains_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:344 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:353 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:360 +msgid "ipa_master_domain_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:363 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:372 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:379 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:382 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:391 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:398 sssd-krb5.5.xml:254 +msgid "krb5_validate (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:401 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:408 sssd-ad.5.xml:921 +msgid "" +"Note that this default differs from the traditional Kerberos provider back " +"end." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:433 +msgid "" +"Specifies if the host and user principal should be canonicalized when " +"connecting to IPA LDAP and also for AS requests. This feature is available " +"with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 sssd-krb5.5.xml:416 +msgid "krb5_use_fast (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 sssd-krb5.5.xml:419 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:454 +msgid "<emphasis>never</emphasis> use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:457 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it. This is equivalent to not setting " +"this option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:463 sssd-krb5.5.xml:433 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:468 +msgid "Default: try" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 sssd-krb5.5.xml:444 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:480 sssd-ad.5.xml:928 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 sssd-ad.5.xml:931 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:487 sssd-ad.5.xml:935 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 sssd-ad.5.xml:939 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:498 +msgid "ipa_hbac_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:501 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355 +msgid "Default: 5 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:514 +msgid "ipa_hbac_selinux (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:517 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:530 +msgid "ipa_server_mode (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:533 +msgid "This option should only be set by the IPA installer." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:537 +msgid "" +"The option denotes that the SSSD is running on IPA server and should perform " +"lookups of users and groups from trusted domains differently." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:548 +msgid "ipa_automount_location (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:551 +msgid "The automounter location this IPA client will be using" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:554 +msgid "Default: The location named \"default\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:562 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:571 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:577 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:583 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:586 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:596 +msgid "ipa_overide_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:599 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:602 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:608 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:611 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:615 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:621 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:624 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:632 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:635 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:638 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:641 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:647 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:650 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:655 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:661 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:664 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:669 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:672 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:675 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:680 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:564 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:690 +msgid "SUBDOMAINS PROVIDER" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:692 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:696 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:702 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:719 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:726 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:41 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:45 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:51 +msgid "" +"The AD provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:63 +msgid "" +"However, it is neither necessary nor recommended to set these options. The " +"AD provider can also be used as an access, chpass, sudo and autofs provider. " +"No configuration of the access provider is required on the client side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:75 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " +"and groups using POSIX attributes from trusted domains, the AD administrator " +"must make sure that the POSIX attributes are replicated to the Global " +"Catalog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:82 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:97 +msgid "ad_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:100 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:105 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:110 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:117 +msgid "ad_server, ad_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:120 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:127 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:132 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:140 +msgid "ad_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:143 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the Active Directory domain to identify this " +"host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:149 +msgid "" +"This field is used to determine the host principal in use in the keytab. It " +"must match the hostname for which the keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:157 +msgid "ad_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:164 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:180 +msgid "ad_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:191 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:199 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:207 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:212 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:223 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:233 sssd-ad.5.xml:247 +msgid "Default: Not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:239 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:253 +msgid "ad_enable_gc (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:256 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:264 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:278 +msgid "ad_gpo_access_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:281 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to a particular host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:296 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:309 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:313 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:319 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:325 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "Default: permissive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:339 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:345 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:348 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:361 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:364 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:370 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:384 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:388 sssd-ad.5.xml:479 sssd-ad.5.xml:525 sssd-ad.5.xml:570 +#: sssd-ad.5.xml:636 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:392 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:397 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:402 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:407 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:412 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:417 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:422 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:427 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:432 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:437 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:442 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:451 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:460 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:475 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:466 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:483 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:488 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:497 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:500 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:506 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:521 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:512 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:529 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:534 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:543 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:546 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:552 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:566 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:557 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:574 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:583 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:586 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:605 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:597 sssd-ad.5.xml:667 +msgid "" +"It is possible to add a PAM service name to the default set by using <quote>" +"+service_name</quote>. Since the default set is empty, it is not possible " +"to remove a PAM service name from the default set. For example, in order to " +"add a custom pam service name (e.g. <quote>my_pam_service</quote>), you " +"would use the following configuration: <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:615 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:618 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:632 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:623 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:640 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:645 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:650 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:659 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:662 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:675 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:685 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:688 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:701 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:705 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:710 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:715 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:720 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:725 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:730 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:735 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:741 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:747 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:750 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:756 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 30 days" +msgstr "Noklusējuma: 300" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:762 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:765 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expect 2 integers seperated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the inital timeout in seconds before the task is run for the first " +"time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +#, fuzzy +#| msgid "Default: 86400 (24 hours)" +msgid "Default: 86400:750 (24h and 15m)" +msgstr "Noklusējuma: 86400 (24 stundas)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:783 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:813 +msgid "Default: 3600 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:829 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:863 sss_rpcidmapd.5.xml:76 +msgid "Default: True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:909 sssd-krb5.5.xml:505 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:912 sssd-krb5.5.xml:508 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:957 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:964 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:984 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:980 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:990 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:998 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:112 +msgid "" +"When the SSSD is configured to use IPA as the ID provider, the sudo provider " +"is automatically enabled. The sudo search base is configured to use the " +"compat tree (ou=sudoers,$DC)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:119 +msgid "The SUDO rule caching mechanism" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:121 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:129 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:135 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:143 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:159 +msgid "keyword ALL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:164 +msgid "wildcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:169 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:174 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:179 +msgid "one of the IP addresses of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:184 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:190 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "sssd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>-f</option>,<option>--debug-to-files</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "" +"Send the debug output to files instead of stderr. By default, the log files " +"are stored in <filename>/var/log/sssd</filename> and there are separate log " +"files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:97 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:101 +msgid "Become a daemon after starting up." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:107 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:111 +msgid "Run in the foreground, don't become a daemon." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:117 sss_debuglevel.8.xml:42 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:121 sss_debuglevel.8.xml:46 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:147 +msgid "Signals" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "SIGTERM/SIGINT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:153 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:159 +msgid "SIGHUP" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:162 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:170 +msgid "SIGUSR1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:173 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:182 +msgid "SIGUSR2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:185 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:197 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +#, fuzzy +#| msgid "sss_userdel" +msgid "sss_override" +msgstr "sss_userdel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:50 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:52 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:59 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:70 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:78 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:83 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:92 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:97 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:105 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:110 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:116 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:121 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:126 +msgid "original_name:name:uid:gid:gecos:home:shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:138 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:141 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:147 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:152 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:160 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:167 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:175 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:180 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:189 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:194 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:202 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:207 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:213 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:218 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:223 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:235 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:238 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:244 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:249 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:259 +#, fuzzy +#| msgid "CONFIGURATION OPTIONS" +msgid "COMMON OPTIONS" +msgstr "KONFIGURĒŠANAS IESPĒJAS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:261 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:266 +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_useradd.8.xml:10 sss_useradd.8.xml:15 +msgid "sss_useradd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_useradd.8.xml:16 +msgid "create a new user" +msgstr "create a new user" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_useradd.8.xml:21 +msgid "" +"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_useradd.8.xml:32 +msgid "" +"<command>sss_useradd</command> creates a new user account using the values " +"specified on the command line plus the default values from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:43 sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:48 +msgid "" +"Set the UID of the user to the value of <replaceable>UID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:72 +msgid "" +"The home directory of the user account. The default is to append the " +"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " +"that as the home directory. The base that is prepended before " +"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" +"baseDirectory</quote> setting in sssd.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:87 +msgid "" +"The user's login shell. The default is currently <filename>/bin/bash</" +"filename>. The default can be changed with <quote>user_defaults/" +"defaultShell</quote> setting in sssd.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:96 +msgid "" +"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:101 +msgid "A list of existing groups this user is also a member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:107 +msgid "<option>-m</option>,<option>--create-home</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:111 +msgid "" +"Create the user's home directory if it does not exist. The files and " +"directories contained in the skeleton directory (which can be defined with " +"the -k option or in the config file) will be copied to the home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:121 +msgid "<option>-M</option>,<option>--no-create-home</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:125 +msgid "" +"Do not create the user's home directory. Overrides configuration settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:132 +msgid "" +"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:137 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<command>sss_useradd</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:143 +msgid "" +"Special files (block devices, character devices, named pipes and unix " +"sockets) will not be copied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:147 +msgid "" +"This option is only valid if the <option>-m</option> (or <option>--create-" +"home</option>) option is specified, or creation of home directories is set " +"to TRUE in the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:156 sss_usermod.8.xml:124 +msgid "" +"<option>-Z</option>,<option>--selinux-user</option> " +"<replaceable>SELINUX_USER</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:161 +msgid "" +"The SELinux user for the user's login. If not specified, the system default " +"will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "sssd-krb5" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>.k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "Noklusējuma: / tmp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "%u" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "%U" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 +msgid "%h" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108 +msgid "home directory" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:27 +msgid "%P" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:45 +msgid "%%" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:46 +msgid "a literal '%'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_auth_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:257 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:272 +msgid "krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:275 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:279 +msgid "Default: /etc/krb5.keytab" +msgstr "Noklusējuma: /etc/krb5.keytab" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:285 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:288 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:293 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:306 +msgid "krb5_renewable_lifetime (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:309 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:351 sssd-krb5.5.xml:388 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:320 sssd-krb5.5.xml:354 sssd-krb5.5.xml:391 +msgid "<emphasis>h</emphasis> for hours" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:323 sssd-krb5.5.xml:357 sssd-krb5.5.xml:394 +msgid "<emphasis>d</emphasis> for days." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:326 sssd-krb5.5.xml:397 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:330 sssd-krb5.5.xml:401 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:335 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:341 +msgid "krb5_lifetime (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:344 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:360 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:364 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:369 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:376 +msgid "krb5_renew_interval (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:379 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:406 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:424 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:428 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:438 +msgid "Default: not set, i.e. FAST is not used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "NOTE: a keytab is required to use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:453 +msgid "krb5_fast_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:456 +msgid "Specifies the server principal to use for FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:465 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:514 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:520 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:523 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:535 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:540 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:566 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:574 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 +msgid "sss_groupadd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupadd.8.xml:16 +msgid "create a new group" +msgstr "izveidot jaunu grupu" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupadd.8.xml:21 +msgid "" +"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupadd.8.xml:32 +msgid "" +"<command>sss_groupadd</command> creates a new group. These groups are " +"compatible with POSIX groups, with the additional feature that they can " +"contain other groups as members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupadd.8.xml:43 sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupadd.8.xml:48 +msgid "" +"Set the GID of the group to the value of <replaceable>GID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_userdel.8.xml:10 sss_userdel.8.xml:15 +msgid "sss_userdel" +msgstr "sss_userdel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_userdel.8.xml:16 +msgid "delete a user account" +msgstr "dzēst lietotāja kontu" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_userdel.8.xml:21 +msgid "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_userdel.8.xml:32 +msgid "" +"<command>sss_userdel</command> deletes a user identified by login name " +"<replaceable>LOGIN</replaceable> from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:44 +msgid "<option>-r</option>,<option>--remove</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:48 +msgid "" +"Files in the user's home directory will be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:56 +msgid "<option>-R</option>,<option>--no-remove</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:60 +msgid "" +"Files in the user's home directory will NOT be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:68 +msgid "<option>-f</option>,<option>--force</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:72 +msgid "" +"This option forces <command>sss_userdel</command> to remove the user's home " +"directory and mail spool, even if they are not owned by the specified user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:80 +msgid "<option>-k</option>,<option>--kick</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:84 +msgid "Before actually deleting the user, terminate all his processes." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 +msgid "sss_groupdel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupdel.8.xml:16 +msgid "delete a group" +msgstr "dzēst grupu" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupdel.8.xml:21 +msgid "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupdel.8.xml:32 +msgid "" +"<command>sss_groupdel</command> deletes a group identified by its name " +"<replaceable>GROUP</replaceable> from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 +msgid "sss_groupshow" +msgstr "sss_groupshow" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupshow.8.xml:16 +msgid "print properties of a group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupshow.8.xml:21 +msgid "" +"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupshow.8.xml:32 +msgid "" +"<command>sss_groupshow</command> displays information about a group " +"identified by its name <replaceable>GROUP</replaceable>. The information " +"includes the group ID number, members of the group and the parent group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupshow.8.xml:43 +msgid "<option>-R</option>,<option>--recursive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupshow.8.xml:47 +msgid "" +"Also print indirect group members in a tree-like hierarchy. Note that this " +"also affects printing parent groups - without <option>R</option>, only the " +"direct parent will be printed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_usermod.8.xml:10 sss_usermod.8.xml:15 +msgid "sss_usermod" +msgstr "sss_usermod" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_usermod.8.xml:16 +msgid "modify a user account" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_usermod.8.xml:21 +msgid "" +"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_usermod.8.xml:32 +msgid "" +"<command>sss_usermod</command> modifies the account specified by " +"<replaceable>LOGIN</replaceable> to reflect the changes that are specified " +"on the command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:60 +msgid "The home directory of the user account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:71 +msgid "The user's login shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:82 +msgid "" +"Append this user to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:96 +msgid "" +"Remove this user from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:103 +msgid "<option>-l</option>,<option>--lock</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:107 +msgid "Lock the user account. The user won't be able to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:114 +msgid "<option>-u</option>,<option>--unlock</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:118 +msgid "Unlock the user account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:129 +msgid "The SELinux user for the user's login." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:135 +msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:140 +msgid "Add an attribute/value pair. The format is attrname=value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:147 +msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:152 +msgid "" +"Set an attribute to a name/value pair. The format is attrname=value. For " +"multi-valued attributes, the command replaces the values already present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:160 +msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:165 +msgid "Delete an attribute/value pair. The format is attrname=value." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:42 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:46 +msgid "Invalidate all cached entries except for sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:52 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:57 +msgid "Invalidate specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:63 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:67 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:74 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:79 +msgid "Invalidate specific group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:85 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:89 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:96 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:101 +msgid "Invalidate specific netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:107 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:111 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:118 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:123 +msgid "Invalidate specific service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:129 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:133 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:140 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:145 +msgid "Invalidate specific autofs maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:151 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:155 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:162 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:167 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:173 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:177 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:185 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:190 +msgid "Restrict invalidation process only to a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> changes debug level of SSSD monitor and " +"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " +"running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_debuglevel.8.xml:59 +msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:46 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:53 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:59 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:63 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:77 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:91 +msgid "name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:92 +msgid "user's login name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:95 +msgid "uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:96 +msgid "user ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:99 +msgid "gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:100 +msgid "primary group ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:103 +msgid "gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:104 +msgid "user information, typically full name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:81 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:125 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:117 +msgid "" +"It is possible to add another attribute to this set by using <quote>" +"+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:129 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:139 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:144 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "SKATĪT ARĪ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" +"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:58 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:51 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:70 +#, no-wrap +msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:63 +msgid "" +"If <quote>PubkeyAgent</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by using the following directive " +"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:85 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92 +msgid "EXIT STATUS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and estabilishes connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 10,001 and going up to " +"2,000,100,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:127 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191 +msgid "Default: 200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:142 +msgid "ldap_idmap_range_max (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:145 +msgid "" +"Specifies the upper bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:149 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:159 +msgid "Default: 2000200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:164 +msgid "ldap_idmap_range_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:167 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:186 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:196 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:199 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:210 +msgid "ldap_idmap_default_domain (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:213 +msgid "Specify the name of the default domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:221 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:224 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:229 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monatomically with each additional domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:234 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:249 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:252 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:256 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:273 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:275 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:284 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:285 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:286 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:287 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:288 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:289 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:291 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:295 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT " +"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain " +"names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 +msgid "Currently supported debug levels:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill the SSSD, but one that indicates that at least one " +"major feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:85 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:89 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:94 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:98 +msgid "<emphasis>Default</emphasis>: 0" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/experimental.xml:1 +msgid "" +"<emphasis> This is an experimental feature, please use http://fedorahosted." +"org/sssd to report any issues. </emphasis>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " +"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:31 +msgid "%o" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:33 +msgid "The original home directory retrieved from the identity provider." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:38 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:40 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:52 +msgid "This option can also be set per-domain." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:57 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:61 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "" --- sssd-1.13.4.orig/src/man/po/nl.po +++ sssd-1.13.4/src/man/po/nl.po @@ -0,0 +1,11387 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# Wijnand Modderman-Lenstra <accounts-transifex@maze.io>, 2011 +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 1.12.90\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2016-04-13 16:30+0200\n" +"PO-Revision-Date: 2014-06-04 02:04-0400\n" +"Last-Translator: jhrozek <jhrozek@redhat.com>\n" +"Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/" +"nl/)\n" +"Language: nl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Zanata 3.8.3\n" + +#. type: Content of: <reference><title> +#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 +#: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 +#: sss_override.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5 +#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 +#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5 +#: sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 +msgid "SSSD Manual pages" +msgstr "SSSD handleiding" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 +msgid "sss_groupmod" +msgstr "sss_groupmod" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11 +#: sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupmod.8.xml:16 +msgid "modify a group" +msgstr "muteer een groep" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupmod.8.xml:21 +msgid "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>opties</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROEP</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 +#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 +#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 +#: sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 +#: sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 +#: sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21 +#: sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31 +msgid "DESCRIPTION" +msgstr "OMSCHRIJVING" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupmod.8.xml:32 +msgid "" +"<command>sss_groupmod</command> modifies the group to reflect the changes " +"that are specified on the command line." +msgstr "" +"<command>sss_groupmod</command> muteert de groep en maakt de aanpassingen " +"die via de opdrachtregel ingegeven zijn." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 +#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 +#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 +#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "OPTIES" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 +msgid "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROEPEN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:48 +msgid "" +"Append this group to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" +"Voeg deze groep toe aan de groepen opgegeven met de <replaceable>GROEPEN</" +"replaceable> parameter. De <replaceable>GROEPEN</replaceable> parameter is " +"een kommagescheiden lijst van groepnamen." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 +msgid "" +"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" +"<option>-r</option>,<option>--remove-group</option> <replaceable>GROEPEN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:62 +msgid "" +"Remove this group from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" +"Verwijder deze groep uit de groepen opgegeven in de <replaceable>GROEPEN</" +"replaceable> parameter." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:10 sssd.conf.5.xml:16 +msgid "sssd.conf" +msgstr "sssd.conf" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 +#: sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 +#: sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +msgid "File Formats and Conventions" +msgstr "Bestandsformaten en conventies" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:17 +msgid "the configuration file for SSSD" +msgstr "het configuratiebestand voor SSSD" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:21 +msgid "FILE FORMAT" +msgstr "BESTANDSFORMAAT" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:29 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:24 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Het bestand heeft een ini-stijl syntaxis en bestaat uit secties en " +"parameters. Een sectie begint met de naam van de sectie in rechte haken en " +"gaat verder totdat de volgende sectie begint. Een voorbeeld van een sectie " +"met een enkele en een meervoudige parameter: <placeholder type=" +"\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:36 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" +"De datatypes gebruikt zijn tekst (geen quotes vereisd), numeriek en " +"booleaans (met de waardes <quote>TRUE/FALSE</quote>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:41 +msgid "" +"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:47 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" +"Alle secties kunnen een optionele <replaceable>description</replaceable> " +"parameter bevatten. Dit fungeert slechts als label voor de sectie." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:53 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" +"<filename>sssd.conf</filename> moet een standaardbestand zijn, de eigenaar " +"moet root zijn en alleen root mag hem lezen en schrijven." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:59 +msgid "GENERAL OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:61 +msgid "Following options are usable in more than one configuration sections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:65 +msgid "Options usable in all sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:69 +msgid "debug_level (integer)" +msgstr "debug_level (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:73 +msgid "debug_timestamps (bool)" +msgstr "debug_timestamps (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:76 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:81 sssd.conf.5.xml:634 sssd.conf.5.xml:1139 +#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464 +#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272 +#: sssd-ad.5.xml:799 sssd-ad.5.xml:918 sssd-krb5.5.xml:499 +msgid "Default: true" +msgstr "Standaard: true" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:86 +msgid "debug_microseconds (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:89 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:94 sssd.conf.5.xml:1093 sssd.conf.5.xml:2231 +#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558 +#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139 +#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266 +#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 +msgid "Default: false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2189 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:103 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:107 +msgid "timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:110 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:115 sssd.conf.5.xml:1057 sssd-ldap.5.xml:1410 +#: include/ldap_id_mapping.xml:264 +msgid "Default: 10" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:125 +msgid "SPECIAL SECTIONS" +msgstr "SPECIALE SECTIES" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:128 +msgid "The [sssd] section" +msgstr "De [sssd] sectie" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:137 sssd.conf.5.xml:2339 +msgid "Section parameters" +msgstr "Sectie parameters" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:139 +msgid "config_file_version (integer)" +msgstr "config_file_version (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:142 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" +"Geeft aan welke syntaxis de configuratie gebruikt. SSSD 0.6.0 en hoger " +"gebruiken versie 2." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:148 +msgid "services" +msgstr "diensten" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:151 +msgid "" +"Comma separated list of services that are started when sssd itself starts." +msgstr "" +"Kommagescheiden lijst van diensten die gestart worden als sssd zelf start." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:155 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" +"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" +"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:165 sssd.conf.5.xml:419 +msgid "reconnection_retries (integer)" +msgstr "reconnection_retries (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:168 sssd.conf.5.xml:422 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" +"Aantal keer dat de service moet proberen om opnieuw te verbinden indien een " +"Data Aanbieder crashed of opnieuw start voordat dit opgegeven wordt" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:173 sssd.conf.5.xml:427 +msgid "Default: 3" +msgstr "Standaard: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:178 +msgid "domains" +msgstr "domeinen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:181 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter described the list of domains in the order you want " +"them to be queried. A domain name should only consist of alphanumeric ASCII " +"characters, dashes, dots and underscores." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:193 sssd.conf.5.xml:2014 +msgid "re_expression (string)" +msgstr "re_expression (tekst)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:201 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN " +"SECTIONS for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:210 sssd.conf.5.xml:2065 +msgid "full_name_format (string)" +msgstr "full_name_format (tekst)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:213 sssd.conf.5.xml:2068 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:224 sssd.conf.5.xml:2079 +msgid "%1$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:225 sssd.conf.5.xml:2080 +msgid "user name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:228 sssd.conf.5.xml:2083 +msgid "%2$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:231 sssd.conf.5.xml:2086 +msgid "domain name as specified in the SSSD config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:237 sssd.conf.5.xml:2092 +msgid "%3$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:240 sssd.conf.5.xml:2095 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:221 sssd.conf.5.xml:2076 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:250 +msgid "" +"Each domain can have an individual format string configured. see DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:256 +msgid "try_inotify (boolean)" +msgstr "try_inotify (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:259 +msgid "" +"SSSD monitors the state of resolv.conf to identify when it needs to update " +"its internal DNS resolver. By default, we will attempt to use inotify for " +"this, and will fall back to polling resolv.conf every five seconds if " +"inotify cannot be used." +msgstr "" +"SSSD houdt de stat van resolv.conf in de gaten om te zien wanneer de interne " +"DNS-resolver bijgewerkt moet worden. Standaard wordt er geprobeerd om " +"inotify te gebruiken en er wordt teruggevallen op iedere vijf seconden " +"kijken of resolv.conf gewijzigd is als er geen inotify beschikbaar is." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:267 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" +"Er zijn een aantal situaties waarin het de voorkeur heeft dat we het gebruik " +"van inotify uitschakelen. In deze zeldzame gevallen kan de optie op 'false' " +"gezet worden" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:273 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" +"Standaard: true op systemen waar inotify is ondersteund. False op andere " +"systemen." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:277 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" +"Merk op: deze optie heeft geen effect op systemen waar inotify niet " +"beschikbaar is. Op deze systemen wordt altijd periodiek gekeken naar resolv." +"conf." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:284 +msgid "krb5_rcache_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:287 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" +"Map in het bestandssysteem waarin SSSD Kerberos replay cache bestanden moet " +"opslaan." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:291 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:297 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:312 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:317 +msgid "default_domain_suffix (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:320 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:330 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498 +#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:609 +#: sssd-ad.5.xml:679 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550 +#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216 +msgid "Default: not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:344 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:347 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:356 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:364 +msgid "Default: not set (spaces will not be replaced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:369 +#, fuzzy +#| msgid "re_expression (string)" +msgid "certificate_verification (string)" +msgstr "re_expression (tekst)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:377 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:379 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:389 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "Default: not set, i.e. do not restrict certificate vertification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:130 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:404 +msgid "SERVICES SECTIONS" +msgstr "SERVICES SECTIE" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:406 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:413 +msgid "General service configuration options" +msgstr "Algemene service configuratie-opties" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:415 +msgid "These options can be used to configure any service." +msgstr "Deze opties kunnen gebruikt worden om services te configureren." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:432 +msgid "fd_limit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:435 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:444 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:449 +msgid "client_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:452 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:459 sssd.conf.5.xml:475 sssd.conf.5.xml:507 +#: sssd.conf.5.xml:765 sssd.conf.5.xml:957 sssd.conf.5.xml:1347 +#: sssd-ldap.5.xml:1237 +msgid "Default: 60" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:464 sssd.conf.5.xml:1336 +msgid "force_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:467 sssd.conf.5.xml:1339 +msgid "" +"If a service is not responding to ping checks (see the <quote>timeout</" +"quote> option), it is first sent the SIGTERM signal that instructs it to " +"quit gracefully. If the service does not terminate after " +"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " +"by sending a SIGKILL signal." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:480 +msgid "offline_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:483 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. This " +"value is in seconds and calculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:490 +msgid "offline_timeout + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "" +"The random offset can increment up to 30 seconds. After each unsuccessful " +"attempt to go online, the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:498 +msgid "new_interval = old_interval*2 + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"Note that the maximum length of each interval is currently limited to one " +"hour. If the calculated length of new_interval is greater than an hour, it " +"will be forced to one hour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:512 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:515 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:521 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:524 +msgid "ldap_purge_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:527 sssd-ldap.5.xml:1054 +msgid "ldap_use_tokengroups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "ldap_user_principal" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:535 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:533 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:539 sssd.conf.5.xml:1001 sssd.conf.5.xml:1026 +#: sssd.conf.5.xml:1045 sssd.conf.5.xml:1330 sssd-ldap.5.xml:1793 +msgid "Default: none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:547 +msgid "NSS configuration options" +msgstr "NSS configuratie-opties" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:549 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" +"Deze opties kunnen worden gebruikt om de Name Serice Switch (NSS) service te " +"configurere." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "enum_cache_timeout (integer)" +msgstr "enum_cache_timeout (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:557 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" +"Hoeveel seconden zouden nss_sss cache enumeraties (verzoeken om informatie " +"over alle gebruikers)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:561 +msgid "Default: 120" +msgstr "Standaard: 120" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:566 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "entry_cache_nowait_percentage (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:569 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:575 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:585 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:593 +msgid "Default: 50" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:598 +msgid "entry_negative_timeout (integer)" +msgstr "entry_negative_timeout (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:601 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:607 sssd.conf.5.xml:1117 +msgid "Default: 15" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:612 +msgid "filter_users, filter_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:615 +msgid "" +"Exclude certain users from being fetched from the sss NSS database. This is " +"particularly useful for system accounts. This option can also be set per-" +"domain or include fully-qualified names to filter only users from the " +"particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:622 +msgid "Default: root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:627 +msgid "filter_users_in_groups (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:630 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:641 +msgid "fallback_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:644 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:649 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:655 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:653 sssd.conf.5.xml:1020 sssd.conf.5.xml:1039 +#: sssd-krb5.5.xml:533 include/override_homedir.xml:55 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:659 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:665 +msgid "override_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:668 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:674 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:680 +msgid "allowed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:683 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:686 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:690 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:695 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:703 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:710 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:713 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:717 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:722 +msgid "vetoed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:725 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:730 +msgid "shell_fallback (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:733 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "Default: /bin/sh" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +msgid "default_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:745 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:751 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:758 sssd.conf.5.xml:950 +msgid "get_domains_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:761 sssd.conf.5.xml:953 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:770 +msgid "memcache_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:773 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:777 sssd-ldap.5.xml:706 +msgid "Default: 300" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:780 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:788 sssd-ifp.5.xml:74 +msgid "user_attributes (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:791 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:804 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:816 +msgid "PAM configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:818 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:823 +msgid "offline_credentials_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:831 sssd.conf.5.xml:844 +msgid "Default: 0 (No limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:837 +msgid "offline_failed_login_attempts (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:840 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:850 +msgid "offline_failed_login_delay (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:853 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:864 sssd.conf.5.xml:917 +msgid "Default: 5" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:870 +msgid "pam_verbosity (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:873 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "Currently sssd supports the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:881 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:888 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:891 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:895 sssd.8.xml:63 +msgid "Default: 1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:900 +msgid "pam_id_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:903 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:923 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:926 sssd.conf.5.xml:1550 +msgid "Display a warning N days before the password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:929 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:935 sssd.conf.5.xml:1553 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:940 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 sssd.conf.5.xml:2291 sssd.8.xml:79 +msgid "Default: 0" +msgstr "Standaard: 0" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:962 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:965 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAM responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:971 +msgid "Default: all (All users are allowed to access the PAM responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:975 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:982 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:985 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:989 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:993 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:997 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1006 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1009 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbostiy is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1022 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1031 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1041 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1050 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "p11_child_timeout (integer)" +msgstr "enum_cache_timeout (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1053 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1066 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1068 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1085 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1088 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1101 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1103 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1107 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1126 +msgid "SSH configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1128 +msgid "These options can be used to configure the SSH service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1132 +msgid "ssh_hash_known_hosts (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1135 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1144 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1147 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1151 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1156 +msgid "ca_db (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1159 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1164 +msgid "Default: /etc/pki/nssdb" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1172 +msgid "PAC responder configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1174 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. " +"If the PAC is decoded and evaluated some of the following operations are " +"done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1183 +msgid "" +"If the remote user does not exist in the cache, it is created. The uid is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"gid will have the same value as the uid. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1191 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1197 +msgid "These options can be used to configure the PAC responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1201 sssd-ifp.5.xml:50 +msgid "allowed_uids (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1204 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1210 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1214 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:1228 +msgid "DOMAIN SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1235 +msgid "min_id,max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1238 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1250 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1254 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1260 +msgid "enumerate (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1263 +msgid "" +"Determines if a domain can be enumerated. This parameter can have one of the " +"following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1267 +msgid "TRUE = Users and groups are enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1270 +msgid "FALSE = No enumerations for this domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1273 sssd.conf.5.xml:1505 sssd.conf.5.xml:1672 +msgid "Default: FALSE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1276 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1289 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1294 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1302 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1310 +msgid "subdomain_enumerate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1317 +msgid "all" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1318 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1321 +msgid "none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1322 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1313 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1353 +msgid "entry_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1356 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1360 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1373 +msgid "Default: 5400" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1379 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1382 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1386 sssd.conf.5.xml:1399 sssd.conf.5.xml:1412 +#: sssd.conf.5.xml:1425 sssd.conf.5.xml:1438 sssd.conf.5.xml:1452 +#: sssd.conf.5.xml:1466 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1392 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1395 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1405 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1408 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1418 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1421 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1431 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1444 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1447 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1458 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1472 +msgid "refresh_expired_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1475 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1480 +msgid "" +"The background refresh will process users, groups and netgroups in the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1484 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1488 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227 +msgid "Default: 0 (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1494 +msgid "cache_credentials (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1497 +msgid "Determines if user credentials are also cached in the local LDB cache" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1501 +msgid "User credentials are stored in a SHA512 hash, not in plaintext" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1511 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1514 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1521 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1526 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1532 +msgid "account_cache_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1535 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1542 +msgid "Default: 0 (unlimited)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1547 +msgid "pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1558 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1565 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1571 +msgid "id_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1574 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1578 +msgid "<quote>proxy</quote>: Support a legacy NSS provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1581 sssd.conf.5.xml:1718 +msgid "<quote>local</quote>: SSSD internal provider for local users" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1585 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1593 sssd.conf.5.xml:1698 sssd.conf.5.xml:1753 +#: sssd.conf.5.xml:1806 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"FreeIPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 sssd.conf.5.xml:1707 sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1815 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "use_fully_qualified_names (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1621 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1629 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1636 +msgid "Default: FALSE (TRUE if default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1642 +msgid "ignore_group_members (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "Do not return group members for group lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1648 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1666 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1677 +msgid "auth_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1680 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 sssd.conf.5.xml:1746 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1691 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1715 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1722 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1725 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1731 +msgid "access_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1734 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1740 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1743 +msgid "<quote>deny</quote> always deny access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1770 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1777 +msgid "Default: <quote>permit</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1782 +msgid "chpass_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1785 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1790 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1798 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1823 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1827 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1830 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1837 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1840 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1844 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1852 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1856 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1860 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1863 sssd.conf.5.xml:1941 sssd.conf.5.xml:1982 +#: sssd.conf.5.xml:2007 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1867 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1884 +msgid "selinux_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1887 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1893 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1901 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1904 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1910 +msgid "subdomains_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1913 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1919 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1928 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1937 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1948 +msgid "autofs_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1951 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1955 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1970 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1979 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1989 +msgid "hostid_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1992 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1996 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2004 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2017 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +"P<name>[^@\\\\]+)$))</quote> which allows three different styles for " +"user names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2031 +msgid "username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2034 +msgid "username@domain.name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "domain\\username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2045 +msgid "" +"Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +"which translates to \"the name is everything up to the <quote>@</quote> " +"sign, the domain everything after that\"" +msgstr "" +"Standaard: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +"wat zich vertaalt tot \"de gebruikersnaam is alles tot <quote>@</quote> , " +"het domein alles daarna\"" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2051 +msgid "" +"PLEASE NOTE: the support for non-unique named subpatterns is not available " +"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " +"version 7 or higher can support non-unique named subpatterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2058 +msgid "" +"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" +"P<name>) to label subpatterns." +msgstr "" +"MER OOK OP: oudere versies van libpcre ondersteunen alleen de Pyton syntaxis " +"(?P<name>) om subpatronen aan te geven." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2105 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "Standaard: <quote>%1$s@%2$s</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2111 +msgid "lookup_family_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2114 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2118 +msgid "Supported values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2121 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2124 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2127 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2130 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2133 +msgid "Default: ipv4_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2139 +msgid "dns_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2142 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the DNS " +"resolver before assuming that it is unreachable. If this timeout is reached, " +"the domain will continue to operate in offline mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2148 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263 +#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248 +msgid "Default: 6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2154 +msgid "dns_discovery_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2157 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2161 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2167 +msgid "override_gid (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2170 +msgid "Override the primary GID value with the one specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2176 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2184 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2187 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2193 +msgid "False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2195 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2199 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2202 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2179 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2214 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2220 +msgid "proxy_fast_alias (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2223 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2237 +msgid "subdomain_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2248 +msgid "%F" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2249 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2240 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2254 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2258 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2263 +msgid "realmd_tags (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2266 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2272 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "cached_auth_timeout (int)" +msgstr "enum_cache_timeout (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2275 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2281 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2285 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1230 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2303 +msgid "proxy_pam_target (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2306 +msgid "The proxy target PAM proxies to." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2309 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2317 +msgid "proxy_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2320 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2299 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" id=" +"\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2332 +msgid "The local domain section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2334 +msgid "" +"This section contains settings for domain that stores users and groups in " +"SSSD native database, that is, a domain that uses " +"<replaceable>id_provider=local</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2341 +msgid "default_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2344 +msgid "The default shell for users created with SSSD userspace tools." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2348 +msgid "Default: <filename>/bin/bash</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2353 +msgid "base_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2356 +msgid "" +"The tools append the login name to <replaceable>base_directory</replaceable> " +"and use that as the home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2361 +msgid "Default: <filename>/home</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2366 +msgid "create_homedir (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2369 +msgid "" +"Indicate if a home directory should be created by default for new users. " +"Can be overridden on command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2373 sssd.conf.5.xml:2385 +msgid "Default: TRUE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2378 +msgid "remove_homedir (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2381 +msgid "" +"Indicate if a home directory should be removed by default for deleted " +"users. Can be overridden on command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2390 +msgid "homedir_umask (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2393 +msgid "" +"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " +"on a newly created home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2401 +msgid "Default: 077" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2406 +msgid "skel_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2409 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2419 +msgid "Default: <filename>/etc/skel</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2424 +msgid "mail_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2427 +msgid "" +"The mail spool directory. This is needed to manipulate the mailbox when its " +"corresponding user account is modified or deleted. If not specified, a " +"default value is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2434 +msgid "Default: <filename>/var/mail</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2439 +msgid "userdel_cmd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2442 +msgid "" +"The command that is run after a user is removed. The command us passed the " +"username of the user being removed as the first and only parameter. The " +"return code of the command is not taken into account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2448 +msgid "Default: None, no command is run" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2458 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131 +#: sssd-ipa.5.xml:717 sssd-ad.5.xml:955 sssd-krb5.5.xml:564 +#: sss_rpcidmapd.5.xml:98 +msgid "EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:2464 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2460 +msgid "" +"The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. If the LDAP server is used only as an identity " +"provider, an encrypted channel is not needed. Please refer to " +"<quote>ldap_access_filter</quote> config option for more information about " +"using LDAP as an access provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 +msgid "CONFIGURATION OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:60 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:63 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:73 +msgid "ldap[s]://<host>[:port]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:76 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:79 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:85 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:88 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:99 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:105 +msgid "ldap_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:108 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:112 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:116 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220 +#: sss_override.8.xml:135 sss_override.8.xml:232 +msgid "Examples:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:129 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:134 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:137 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:158 +msgid "ldap_schema (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:161 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "Four schema types are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:172 +msgid "rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:177 +msgid "rfc2307bis" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:182 +msgid "IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:187 +msgid "AD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:193 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:203 +msgid "Default: rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:209 +msgid "ldap_default_bind_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:212 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:219 +msgid "ldap_default_authtok_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:222 +msgid "The type of the authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:226 +msgid "The two mechanisms currently supported are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:229 +msgid "password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:232 +msgid "obfuscated_password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:235 +msgid "Default: password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:241 +msgid "ldap_default_authtok (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:244 +msgid "" +"The authentication token of the default bind DN. Only clear text passwords " +"are currently supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:251 +msgid "ldap_user_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:254 +msgid "The object class of a user entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "Default: posixAccount" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:263 +msgid "ldap_user_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:266 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:270 +msgid "Default: uid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:276 +msgid "ldap_user_uid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:279 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "Default: uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:289 +msgid "ldap_user_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:292 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:863 +msgid "Default: gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:302 +msgid "ldap_user_gecos (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:305 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:309 +msgid "Default: gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:315 +msgid "ldap_user_home_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:318 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "Default: homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:328 +msgid "ldap_user_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:331 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:335 +msgid "Default: loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:341 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:344 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:889 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:355 +msgid "ldap_user_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:358 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:363 sssd-ldap.5.xml:904 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:370 +msgid "ldap_user_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144 +msgid "Default: modifyTimestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:383 +msgid "ldap_user_shadow_last_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:396 +msgid "Default: shadowLastChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:402 +msgid "ldap_user_shadow_min (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:405 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: shadowMin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_user_shadow_max (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:432 +msgid "Default: shadowMax" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:438 +msgid "ldap_user_shadow_warning (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:441 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:451 +msgid "Default: shadowWarning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:457 +msgid "ldap_user_shadow_inactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:460 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:470 +msgid "Default: shadowInactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:476 +msgid "ldap_user_shadow_expire (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:479 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:489 +msgid "Default: shadowExpire" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:495 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:498 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "Default: krbLastPwdChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:510 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:513 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:519 +msgid "Default: krbPasswordExpiration" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:525 +msgid "ldap_user_ad_account_expires (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:528 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:533 +msgid "Default: accountExpires" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:539 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:542 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:547 +msgid "Default: userAccountControl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:553 +msgid "ldap_ns_account_lock (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:556 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:561 +msgid "Default: nsAccountLock" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:567 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:570 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:574 sssd-ldap.5.xml:588 +msgid "Default: loginDisabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:580 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:583 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:602 +msgid "Default: loginAllowedTimeMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:608 +msgid "ldap_user_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:611 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:615 +msgid "Default: krbPrincipalName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:621 +msgid "ldap_user_extra_attrs (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:624 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:629 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:639 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:649 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:652 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:656 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:659 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:669 +msgid "ldap_user_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:672 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:676 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:682 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:685 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:698 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:701 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:712 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:715 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:721 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:736 +msgid "ldap_user_fullname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:739 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590 +msgid "Default: cn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:749 +msgid "ldap_user_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:752 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:756 +msgid "Default: memberOf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:762 +msgid "ldap_user_authorized_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:765 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:772 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:777 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:784 +msgid "Default: authorizedService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:790 +msgid "ldap_user_authorized_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:793 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:799 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:811 +msgid "Default: host" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:817 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:820 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:824 +msgid "Default: no set in the general case, userCertificate;binary for IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:831 +msgid "ldap_group_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:834 +msgid "The object class of a group entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:837 +msgid "Default: posixGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:843 +msgid "ldap_group_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:846 +msgid "The LDAP attribute that corresponds to the group name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:856 +msgid "ldap_group_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:859 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:869 +msgid "ldap_group_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:872 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:876 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:882 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:885 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:896 +msgid "ldap_group_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:899 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_group_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:924 +msgid "ldap_group_type (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:927 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:938 +msgid "Default: groupType in the AD provider, othewise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:945 +msgid "ldap_group_external_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:948 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:961 +msgid "ldap_group_nesting_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:964 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:980 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:989 +msgid "Default: 2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:995 +msgid "ldap_groups_use_matching_rule_in_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:998 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which may speed up group lookup operations on deployments with " +"complex or deep nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1004 +msgid "" +"In most common cases, it is best to leave this option disabled. It generally " +"only provides a performance increase on very complex nestings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036 +msgid "" +"If this option is enabled, SSSD will use it if it detects that the server " +"supports it during initial connection. So \"True\" here essentially means " +"\"auto-detect\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042 +msgid "" +"Note: This feature is currently known to work only with Active Directory " +"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" +"windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " +"for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048 sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866 include/ldap_id_mapping.xml:244 +msgid "Default: False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1027 +msgid "ldap_initgroups_use_matching_rule_in_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1030 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which might speed up initgroups operations (most notably when " +"dealing with complex or deep nested groups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1057 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1062 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1068 +msgid "ldap_netgroup_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1071 +msgid "The object class of a netgroup entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1074 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1078 +msgid "Default: nisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1084 +msgid "ldap_netgroup_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1087 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1101 +msgid "ldap_netgroup_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1104 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1108 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "Default: memberNisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1118 +msgid "ldap_netgroup_triple (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1121 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1128 +msgid "Default: nisNetgroupTriple" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1134 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1150 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1153 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1156 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1162 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1165 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1175 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1178 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1182 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1188 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1191 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1201 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1206 +msgid "ldap_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1209 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1215 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1227 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1230 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1243 +msgid "ldap_network_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1246 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1269 +msgid "ldap_opt_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1287 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1290 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1304 +msgid "ldap_page_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1307 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1312 +msgid "Default: 1000" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1318 +msgid "ldap_disable_paging (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1321 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1327 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1333 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1345 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1348 +msgid "Disable Active Directory range retrieval." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1351 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1366 +msgid "ldap_sasl_minssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1369 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1375 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1382 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1391 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1395 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1403 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1416 +msgid "ldap_tls_reqcert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1419 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1425 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1429 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1436 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1442 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1448 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1452 +msgid "Default: hard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1458 +msgid "ldap_tls_cacert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1461 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1473 +msgid "ldap_tls_cacertdir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1476 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1491 +msgid "ldap_tls_cert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1504 +msgid "ldap_tls_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "Specifies the file that contains the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1516 +msgid "ldap_tls_cipher_suite (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1519 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1532 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1535 +msgid "" +"Specifies that the id_provider connection must also use <systemitem class=" +"\"protocol\">tls</systemitem> to protect the channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1545 +msgid "ldap_id_mapping (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1548 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1564 +msgid "ldap_min_id, ldap_max_id (interger)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1567 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1579 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1585 +msgid "ldap_sasl_mech (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1588 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI is tested and " +"supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1598 +msgid "ldap_sasl_authid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1601 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI is used, this " +"represents the Kerberos principal used for authentication to the directory. " +"This option can either contain the full principal (for example host/" +"myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1609 +msgid "Default: host/hostname@REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1615 +msgid "ldap_sasl_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1624 +msgid "Default: the value of krb5_realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1630 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1633 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1638 +msgid "Default: false;" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1644 +msgid "ldap_krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "Specify the keytab to use when using SASL/GSSAPI." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1671 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1674 +msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:849 +msgid "Default: 86400 (24 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1719 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462 +msgid "krb5_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1768 +msgid "ldap_pwd_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1781 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1787 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1796 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1804 +msgid "ldap_referrals (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1807 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1811 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1816 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1830 +msgid "ldap_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1833 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 +msgid "Default: ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1843 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1846 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1851 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1857 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1872 +msgid "ldap_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1875 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Example:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1898 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1902 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice-versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972 +msgid "Default: Empty" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_account_expire_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1924 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1928 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1935 +msgid "The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1943 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1950 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1956 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1965 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1978 +msgid "ldap_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1981 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1985 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1988 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1998 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2005 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2022 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2026 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2036 +msgid "" +"The difference between these options is the action taken if user password is " +"expired: pwd_expire_policy_reject - user is denied to log in, " +"pwd_expire_policy_warn - user is still able to log in, " +"pwd_expire_policy_renew - user is prompted to change his password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2044 +msgid "" +"Note If user password is expired no explicit message is prompted by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2048 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2053 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2058 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2062 +msgid "Default: filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2065 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2072 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2075 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2083 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2086 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2092 +msgid "ldap_deref (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2095 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2100 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2104 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2109 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2114 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2119 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2127 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2130 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2134 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2145 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "wildcart_limit (integer)" +msgstr "enum_cache_timeout (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2160 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2164 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2168 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:51 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2178 +msgid "SUDO OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2180 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2191 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2194 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2197 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2203 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2206 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2216 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2219 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2223 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2229 +msgid "ldap_sudorule_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2232 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2237 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2243 +msgid "ldap_sudorule_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2246 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2250 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2256 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2259 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2263 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2269 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2272 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2276 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2282 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2285 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2289 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2295 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2298 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2302 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2308 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2311 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2316 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2322 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2325 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2329 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2335 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2338 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2343 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2348 +msgid "Default: 21600 (6 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2354 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2357 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest USN " +"of cached rules)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2363 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2373 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2376 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2387 +msgid "ldap_sudo_hostnames (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2390 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2395 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441 +#: sssd-ldap.5.xml:2459 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428 +msgid "Default: not specified" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2411 +msgid "ldap_sudo_ip (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2414 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2419 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2434 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2437 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2452 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2455 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2471 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2481 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2483 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2489 +msgid "ldap_autofs_map_master_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2492 +msgid "The name of the automount master map in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2495 +msgid "Default: auto.master" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2502 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2505 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2508 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2515 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2518 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2521 +msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2529 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2532 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2537 +#, fuzzy +#| msgid "Default: true" +msgid "Default: automount" +msgstr "Standaard: true" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2544 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2551 +msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2559 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2566 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2487 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2576 +msgid "ADVANCED OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2583 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2588 +msgid "ldap_user_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2593 +msgid "ldap_group_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:2598 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:2600 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no gid mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:2607 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2609 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2614 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2578 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2631 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2637 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:725 sssd-ad.5.xml:963 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 +#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2648 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2650 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2655 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-simple.5.xml:148 sssd-ad.5.xml:978 sssd.8.xml:195 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2672 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" + +#. type: Content of: <refentryinfo> +#: pam_sss.8.xml:8 include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - http://" +"fedorahosted.org/sssd</orgname>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:13 pam_sss.8.xml:18 +msgid "pam_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:19 +msgid "PAM module for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:24 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:54 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:64 +msgid "<option>quiet</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:67 +msgid "Suppress log messages for unknown users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:72 +msgid "<option>forward_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:75 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>use_first_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:93 +msgid "<option>use_authtok</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:96 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>retry=N</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:108 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:117 +msgid "<option>ignore_unknown_user</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:120 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:131 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:138 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:142 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:148 +msgid "" +"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> " +"and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:164 +msgid "MODULE TYPES PROVIDED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:165 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:171 +msgid "FILES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:172 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:177 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:187 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " +"libraries what Realm and which KDC to use. Typically this is done in " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> which is always read by the Kerberos libraries. " +"To simplify the configuration the Realm and the KDC can be defined in " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> as described in <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:48 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> puts the Realm and the name or IP address of the KDC into " +"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " +"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " +"libraries it reads and evaluates these variables and returns them to the " +"libraries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:69 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:78 +msgid "ipa_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:81 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:89 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:92 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:105 +msgid "ipa_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:108 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:116 sssd-ad.5.xml:780 +msgid "dyndns_update (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:119 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA v2 with the IP address of this client. The update is " +"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " +"for the updates, if it is not otherwise specified by using the " +"<quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:128 sssd-ad.5.xml:794 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:133 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:145 sssd-ad.5.xml:805 +msgid "dyndns_ttl (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:148 sssd-ad.5.xml:808 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:153 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Default: 1200 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:165 sssd-ad.5.xml:819 +msgid "dyndns_iface (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 sssd-ad.5.xml:822 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:175 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:185 sssd-ad.5.xml:833 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:191 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160 +msgid "Enables DNS sites - location based service discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example.com" +"\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:217 sssd-ad.5.xml:839 +msgid "dyndns_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:220 sssd-ad.5.xml:842 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:233 sssd-ad.5.xml:855 +msgid "dyndns_update_ptr (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:236 sssd-ad.5.xml:858 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:247 +msgid "Default: False (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:253 sssd-ad.5.xml:869 +msgid "dyndns_force_tcp (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:256 sssd-ad.5.xml:872 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:876 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 sssd-ad.5.xml:882 +msgid "dyndns_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 sssd-ad.5.xml:885 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 sssd-ad.5.xml:890 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:895 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 sssd-ad.5.xml:900 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:290 +msgid "ipa_hbac_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:293 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:297 +msgid "Default: Use base DN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 sssd-ipa.5.xml:329 sssd-ipa.5.xml:348 sssd-ipa.5.xml:367 +#: sssd-ipa.5.xml:386 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ipa.5.xml:315 sssd-ipa.5.xml:334 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:322 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:325 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:341 +msgid "ipa_subdomains_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:344 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:353 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:360 +msgid "ipa_master_domain_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:363 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:372 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:379 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:382 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:391 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:398 sssd-krb5.5.xml:254 +msgid "krb5_validate (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:401 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:408 sssd-ad.5.xml:921 +msgid "" +"Note that this default differs from the traditional Kerberos provider back " +"end." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:433 +msgid "" +"Specifies if the host and user principal should be canonicalized when " +"connecting to IPA LDAP and also for AS requests. This feature is available " +"with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 sssd-krb5.5.xml:416 +msgid "krb5_use_fast (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 sssd-krb5.5.xml:419 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:454 +msgid "<emphasis>never</emphasis> use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:457 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it. This is equivalent to not setting " +"this option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:463 sssd-krb5.5.xml:433 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:468 +msgid "Default: try" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 sssd-krb5.5.xml:444 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:480 sssd-ad.5.xml:928 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 sssd-ad.5.xml:931 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:487 sssd-ad.5.xml:935 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 sssd-ad.5.xml:939 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:498 +msgid "ipa_hbac_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:501 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355 +msgid "Default: 5 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:514 +msgid "ipa_hbac_selinux (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:517 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:530 +msgid "ipa_server_mode (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:533 +msgid "This option should only be set by the IPA installer." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:537 +msgid "" +"The option denotes that the SSSD is running on IPA server and should perform " +"lookups of users and groups from trusted domains differently." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:548 +msgid "ipa_automount_location (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:551 +msgid "The automounter location this IPA client will be using" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:554 +msgid "Default: The location named \"default\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:562 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:571 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:577 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:583 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:586 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:596 +msgid "ipa_overide_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:599 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:602 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:608 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:611 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:615 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:621 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:624 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:632 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:635 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:638 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:641 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:647 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:650 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:655 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:661 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:664 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:669 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:672 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:675 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:680 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:564 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:690 +msgid "SUBDOMAINS PROVIDER" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:692 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:696 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:702 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:719 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:726 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:41 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:45 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:51 +msgid "" +"The AD provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:63 +msgid "" +"However, it is neither necessary nor recommended to set these options. The " +"AD provider can also be used as an access, chpass, sudo and autofs provider. " +"No configuration of the access provider is required on the client side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:75 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " +"and groups using POSIX attributes from trusted domains, the AD administrator " +"must make sure that the POSIX attributes are replicated to the Global " +"Catalog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:82 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:97 +msgid "ad_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:100 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:105 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:110 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:117 +msgid "ad_server, ad_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:120 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:127 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:132 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:140 +msgid "ad_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:143 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the Active Directory domain to identify this " +"host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:149 +msgid "" +"This field is used to determine the host principal in use in the keytab. It " +"must match the hostname for which the keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:157 +msgid "ad_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:164 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:180 +msgid "ad_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:191 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:199 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:207 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:212 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:223 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:233 sssd-ad.5.xml:247 +msgid "Default: Not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:239 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:253 +msgid "ad_enable_gc (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:256 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:264 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:278 +msgid "ad_gpo_access_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:281 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to a particular host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:296 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:309 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:313 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:319 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:325 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "Default: permissive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:339 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:345 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:348 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:361 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:364 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:370 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:384 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:388 sssd-ad.5.xml:479 sssd-ad.5.xml:525 sssd-ad.5.xml:570 +#: sssd-ad.5.xml:636 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:392 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:397 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:402 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:407 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:412 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:417 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:422 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:427 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:432 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:437 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:442 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:451 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:460 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:475 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:466 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:483 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:488 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:497 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:500 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:506 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:521 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:512 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:529 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:534 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:543 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:546 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:552 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:566 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:557 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:574 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:583 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:586 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:605 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:597 sssd-ad.5.xml:667 +msgid "" +"It is possible to add a PAM service name to the default set by using <quote>" +"+service_name</quote>. Since the default set is empty, it is not possible " +"to remove a PAM service name from the default set. For example, in order to " +"add a custom pam service name (e.g. <quote>my_pam_service</quote>), you " +"would use the following configuration: <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:615 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:618 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:632 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:623 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:640 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:645 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:650 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:659 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:662 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:675 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:685 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:688 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:701 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:705 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:710 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:715 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:720 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:725 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:730 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:735 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:741 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:747 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:750 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:756 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: 30 days" +msgstr "Standaard: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:762 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:765 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expect 2 integers seperated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the inital timeout in seconds before the task is run for the first " +"time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:783 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:813 +msgid "Default: 3600 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:829 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:863 sss_rpcidmapd.5.xml:76 +msgid "Default: True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:909 sssd-krb5.5.xml:505 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:912 sssd-krb5.5.xml:508 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:957 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:964 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:984 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:980 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:990 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:998 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:112 +msgid "" +"When the SSSD is configured to use IPA as the ID provider, the sudo provider " +"is automatically enabled. The sudo search base is configured to use the " +"compat tree (ou=sudoers,$DC)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:119 +msgid "The SUDO rule caching mechanism" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:121 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:129 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:135 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:143 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:159 +msgid "keyword ALL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:164 +msgid "wildcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:169 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:174 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:179 +msgid "one of the IP addresses of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:184 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:190 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>-f</option>,<option>--debug-to-files</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "" +"Send the debug output to files instead of stderr. By default, the log files " +"are stored in <filename>/var/log/sssd</filename> and there are separate log " +"files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:97 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:101 +msgid "Become a daemon after starting up." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:107 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:111 +msgid "Run in the foreground, don't become a daemon." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:117 sss_debuglevel.8.xml:42 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:121 sss_debuglevel.8.xml:46 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:147 +msgid "Signals" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "SIGTERM/SIGINT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:153 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:159 +msgid "SIGHUP" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:162 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:170 +msgid "SIGUSR1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:173 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:182 +msgid "SIGUSR2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:185 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:197 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +#, fuzzy +#| msgid "" +#| "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +#| "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#| "arg>" +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>opties</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROEP</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:50 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:52 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:59 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:70 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:78 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:83 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:92 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:97 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:105 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:110 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:116 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:121 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:126 +msgid "original_name:name:uid:gid:gecos:home:shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:138 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:141 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:147 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:152 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:160 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:167 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:175 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:180 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:189 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:194 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:202 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:207 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:213 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:218 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:223 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:235 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:238 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:244 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:249 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:259 +#, fuzzy +#| msgid "OPTIONS" +msgid "COMMON OPTIONS" +msgstr "OPTIES" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:261 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:266 +#, fuzzy +#| msgid "" +#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +#| "replaceable>" +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROEPEN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_useradd.8.xml:10 sss_useradd.8.xml:15 +msgid "sss_useradd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_useradd.8.xml:16 +msgid "create a new user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_useradd.8.xml:21 +msgid "" +"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_useradd.8.xml:32 +msgid "" +"<command>sss_useradd</command> creates a new user account using the values " +"specified on the command line plus the default values from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:43 sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:48 +msgid "" +"Set the UID of the user to the value of <replaceable>UID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:72 +msgid "" +"The home directory of the user account. The default is to append the " +"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " +"that as the home directory. The base that is prepended before " +"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" +"baseDirectory</quote> setting in sssd.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:87 +msgid "" +"The user's login shell. The default is currently <filename>/bin/bash</" +"filename>. The default can be changed with <quote>user_defaults/" +"defaultShell</quote> setting in sssd.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:96 +msgid "" +"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:101 +msgid "A list of existing groups this user is also a member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:107 +msgid "<option>-m</option>,<option>--create-home</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:111 +msgid "" +"Create the user's home directory if it does not exist. The files and " +"directories contained in the skeleton directory (which can be defined with " +"the -k option or in the config file) will be copied to the home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:121 +msgid "<option>-M</option>,<option>--no-create-home</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:125 +msgid "" +"Do not create the user's home directory. Overrides configuration settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:132 +msgid "" +"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:137 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<command>sss_useradd</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:143 +msgid "" +"Special files (block devices, character devices, named pipes and unix " +"sockets) will not be copied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:147 +msgid "" +"This option is only valid if the <option>-m</option> (or <option>--create-" +"home</option>) option is specified, or creation of home directories is set " +"to TRUE in the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:156 sss_usermod.8.xml:124 +msgid "" +"<option>-Z</option>,<option>--selinux-user</option> " +"<replaceable>SELINUX_USER</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:161 +msgid "" +"The SELinux user for the user's login. If not specified, the system default " +"will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>.k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 +msgid "%h" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108 +msgid "home directory" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:27 +msgid "%P" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:45 +msgid "%%" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:46 +msgid "a literal '%'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_auth_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:257 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:272 +msgid "krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:275 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:279 +msgid "Default: /etc/krb5.keytab" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:285 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:288 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:293 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:306 +msgid "krb5_renewable_lifetime (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:309 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:351 sssd-krb5.5.xml:388 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:320 sssd-krb5.5.xml:354 sssd-krb5.5.xml:391 +msgid "<emphasis>h</emphasis> for hours" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:323 sssd-krb5.5.xml:357 sssd-krb5.5.xml:394 +msgid "<emphasis>d</emphasis> for days." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:326 sssd-krb5.5.xml:397 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:330 sssd-krb5.5.xml:401 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:335 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:341 +msgid "krb5_lifetime (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:344 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:360 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:364 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:369 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:376 +msgid "krb5_renew_interval (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:379 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:406 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:424 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:428 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:438 +msgid "Default: not set, i.e. FAST is not used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "NOTE: a keytab is required to use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:453 +msgid "krb5_fast_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:456 +msgid "Specifies the server principal to use for FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:465 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:514 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:520 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:523 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:535 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:540 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:566 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:574 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 +msgid "sss_groupadd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupadd.8.xml:16 +msgid "create a new group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupadd.8.xml:21 +msgid "" +"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupadd.8.xml:32 +msgid "" +"<command>sss_groupadd</command> creates a new group. These groups are " +"compatible with POSIX groups, with the additional feature that they can " +"contain other groups as members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupadd.8.xml:43 sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupadd.8.xml:48 +msgid "" +"Set the GID of the group to the value of <replaceable>GID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_userdel.8.xml:10 sss_userdel.8.xml:15 +msgid "sss_userdel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_userdel.8.xml:16 +msgid "delete a user account" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_userdel.8.xml:21 +msgid "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_userdel.8.xml:32 +msgid "" +"<command>sss_userdel</command> deletes a user identified by login name " +"<replaceable>LOGIN</replaceable> from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:44 +msgid "<option>-r</option>,<option>--remove</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:48 +msgid "" +"Files in the user's home directory will be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:56 +msgid "<option>-R</option>,<option>--no-remove</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:60 +msgid "" +"Files in the user's home directory will NOT be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:68 +msgid "<option>-f</option>,<option>--force</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:72 +msgid "" +"This option forces <command>sss_userdel</command> to remove the user's home " +"directory and mail spool, even if they are not owned by the specified user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:80 +msgid "<option>-k</option>,<option>--kick</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:84 +msgid "Before actually deleting the user, terminate all his processes." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 +msgid "sss_groupdel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupdel.8.xml:16 +msgid "delete a group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupdel.8.xml:21 +msgid "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupdel.8.xml:32 +msgid "" +"<command>sss_groupdel</command> deletes a group identified by its name " +"<replaceable>GROUP</replaceable> from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 +msgid "sss_groupshow" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupshow.8.xml:16 +msgid "print properties of a group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupshow.8.xml:21 +msgid "" +"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupshow.8.xml:32 +msgid "" +"<command>sss_groupshow</command> displays information about a group " +"identified by its name <replaceable>GROUP</replaceable>. The information " +"includes the group ID number, members of the group and the parent group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupshow.8.xml:43 +msgid "<option>-R</option>,<option>--recursive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupshow.8.xml:47 +msgid "" +"Also print indirect group members in a tree-like hierarchy. Note that this " +"also affects printing parent groups - without <option>R</option>, only the " +"direct parent will be printed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_usermod.8.xml:10 sss_usermod.8.xml:15 +msgid "sss_usermod" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_usermod.8.xml:16 +msgid "modify a user account" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_usermod.8.xml:21 +msgid "" +"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_usermod.8.xml:32 +msgid "" +"<command>sss_usermod</command> modifies the account specified by " +"<replaceable>LOGIN</replaceable> to reflect the changes that are specified " +"on the command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:60 +msgid "The home directory of the user account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:71 +msgid "The user's login shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:82 +msgid "" +"Append this user to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:96 +msgid "" +"Remove this user from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:103 +msgid "<option>-l</option>,<option>--lock</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:107 +msgid "Lock the user account. The user won't be able to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:114 +msgid "<option>-u</option>,<option>--unlock</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:118 +msgid "Unlock the user account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:129 +msgid "The SELinux user for the user's login." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:135 +msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:140 +msgid "Add an attribute/value pair. The format is attrname=value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:147 +msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:152 +msgid "" +"Set an attribute to a name/value pair. The format is attrname=value. For " +"multi-valued attributes, the command replaces the values already present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:160 +msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:165 +msgid "Delete an attribute/value pair. The format is attrname=value." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:42 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:46 +msgid "Invalidate all cached entries except for sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:52 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:57 +msgid "Invalidate specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:63 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:67 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:74 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:79 +msgid "Invalidate specific group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:85 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:89 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:96 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:101 +msgid "Invalidate specific netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:107 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:111 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:118 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:123 +msgid "Invalidate specific service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:129 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:133 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:140 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:145 +msgid "Invalidate specific autofs maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:151 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:155 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:162 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:167 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:173 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:177 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:185 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:190 +msgid "Restrict invalidation process only to a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> changes debug level of SSSD monitor and " +"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " +"running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_debuglevel.8.xml:59 +msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:46 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:53 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:59 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:63 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:77 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:91 +msgid "name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:92 +msgid "user's login name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:95 +msgid "uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:96 +msgid "user ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:99 +msgid "gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:100 +msgid "primary group ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:103 +msgid "gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:104 +msgid "user information, typically full name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:81 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:125 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:117 +msgid "" +"It is possible to add another attribute to this set by using <quote>" +"+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:129 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:139 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:144 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "ZIE OOK" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" +"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:58 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:51 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:70 +#, no-wrap +msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:63 +msgid "" +"If <quote>PubkeyAgent</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by using the following directive " +"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:85 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92 +msgid "EXIT STATUS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and estabilishes connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 10,001 and going up to " +"2,000,100,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:127 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191 +msgid "Default: 200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:142 +msgid "ldap_idmap_range_max (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:145 +msgid "" +"Specifies the upper bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:149 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:159 +msgid "Default: 2000200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:164 +msgid "ldap_idmap_range_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:167 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:186 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:196 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:199 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:210 +msgid "ldap_idmap_default_domain (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:213 +msgid "Specify the name of the default domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:221 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:224 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:229 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monatomically with each additional domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:234 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:249 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:252 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:256 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:273 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:275 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:284 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:285 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:286 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:287 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:288 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:289 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:291 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:295 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT " +"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain " +"names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 +msgid "Currently supported debug levels:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill the SSSD, but one that indicates that at least one " +"major feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:85 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:89 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:94 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:98 +msgid "<emphasis>Default</emphasis>: 0" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/experimental.xml:1 +msgid "" +"<emphasis> This is an experimental feature, please use http://fedorahosted." +"org/sssd to report any issues. </emphasis>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " +"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:31 +msgid "%o" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:33 +msgid "The original home directory retrieved from the identity provider." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:38 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:40 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:52 +msgid "This option can also be set per-domain." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:57 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:61 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "" --- sssd-1.13.4.orig/src/man/po/pt.po +++ sssd-1.13.4/src/man/po/pt.po @@ -0,0 +1,11433 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# Miguel Sousa <migueljorgesousa@sapo.pt>, 2011 +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 1.12.90\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2016-04-13 16:30+0200\n" +"PO-Revision-Date: 2014-06-04 02:04-0400\n" +"Last-Translator: jhrozek <jhrozek@redhat.com>\n" +"Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/" +"pt/)\n" +"Language: pt\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Zanata 3.8.3\n" + +#. type: Content of: <reference><title> +#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 +#: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 +#: sss_override.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5 +#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 +#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5 +#: sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 +msgid "SSSD Manual pages" +msgstr "Páginas de Manual de SSSD" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 +msgid "sss_groupmod" +msgstr "sss_groupmod" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11 +#: sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupmod.8.xml:16 +msgid "modify a group" +msgstr "modificar um grupo" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupmod.8.xml:21 +msgid "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>Opções</" +"replaceable></arg> <arg choice='plain'> <replaceable>grupo</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 +#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 +#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 +#: sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 +#: sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 +#: sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21 +#: sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31 +msgid "DESCRIPTION" +msgstr "DESCRIÇÃO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupmod.8.xml:32 +msgid "" +"<command>sss_groupmod</command> modifies the group to reflect the changes " +"that are specified on the command line." +msgstr "" +"<command>sss_groupmod</command> modifica o grupo para refletir as alterações " +"que são especificadas na linha de comando." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 +#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 +#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 +#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "Opções" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 +msgid "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:48 +msgid "" +"Append this group to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" +"Acrescente este grupo para grupos especificados pelo parâmetro de " +"<replaceable>GROUPS</replaceable>. O parâmetro de <replaceable>GROUPS</" +"replaceable> é uma lista separada por vírgulas de nomes de grupo." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 +msgid "" +"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" +"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:62 +msgid "" +"Remove this group from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" +"Remova este grupo de grupos especificados pelo parâmetro de " +"<replaceable>GROUPS</replaceable>." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:10 sssd.conf.5.xml:16 +msgid "sssd.conf" +msgstr "sssd.conf" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 +#: sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 +#: sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +msgid "File Formats and Conventions" +msgstr "Formatos de ficheiros e convenções" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:17 +msgid "the configuration file for SSSD" +msgstr "o ficheiro de configuração para SSSD" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:21 +msgid "FILE FORMAT" +msgstr "FORMATAR FICHEIRO" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:29 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:24 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:36 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" +"Os tipos de dados usados são cadeia de caracteres (sem aspas necessárias), " +"inteiro e bool (com valores de <quote>TRUE/FALSE</quote>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:41 +msgid "" +"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:47 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" +"Todas as seções podem ter um parâmetro opcional <replaceable>description</" +"replaceable>. Sua função é apenas como um rótulo para a secção." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:53 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" +"<filename>sssd.conf</filename> deve ser um ficheiro regular, pertencente a " +"raiz e somente raiz pode ler ou gravar o arquivo." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:59 +msgid "GENERAL OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:61 +msgid "Following options are usable in more than one configuration sections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:65 +msgid "Options usable in all sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:69 +msgid "debug_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:73 +msgid "debug_timestamps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:76 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:81 sssd.conf.5.xml:634 sssd.conf.5.xml:1139 +#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464 +#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272 +#: sssd-ad.5.xml:799 sssd-ad.5.xml:918 sssd-krb5.5.xml:499 +msgid "Default: true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:86 +msgid "debug_microseconds (bool)" +msgstr "debug_microseconds (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:89 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:94 sssd.conf.5.xml:1093 sssd.conf.5.xml:2231 +#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558 +#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139 +#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266 +#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 +msgid "Default: false" +msgstr "Padrão: false" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2189 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:103 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:107 +msgid "timeout (integer)" +msgstr "timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:110 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:115 sssd.conf.5.xml:1057 sssd-ldap.5.xml:1410 +#: include/ldap_id_mapping.xml:264 +msgid "Default: 10" +msgstr "Padrão: 10" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:125 +msgid "SPECIAL SECTIONS" +msgstr "SECÇÕES ESPECIAIS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:128 +msgid "The [sssd] section" +msgstr "A seção [SSSD]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:137 sssd.conf.5.xml:2339 +msgid "Section parameters" +msgstr "Parâmetros de secção" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:139 +msgid "config_file_version (integer)" +msgstr "config_file_version (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:142 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" +"Indica qual é a sintaxe do arquivo config. SSSD 0.6.0 e posterior utilização " +"versão 2." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:148 +msgid "services" +msgstr "serviços" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:151 +msgid "" +"Comma separated list of services that are started when sssd itself starts." +msgstr "" +"Lista de serviços que são iniciados quando SSSD propriamente dito começa " +"separados por vírgulas." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:155 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" +"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" +"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:165 sssd.conf.5.xml:419 +msgid "reconnection_retries (integer)" +msgstr "reconnection_retries (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:168 sssd.conf.5.xml:422 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" +"Número de vezes que os serviços devem tentar reconectar-se no caso de uma " +"falha do provedor de dados ou reiniciar antes de eles desistirem" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:173 sssd.conf.5.xml:427 +msgid "Default: 3" +msgstr "Padrão: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:178 +msgid "domains" +msgstr "domínios" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:181 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter described the list of domains in the order you want " +"them to be queried. A domain name should only consist of alphanumeric ASCII " +"characters, dashes, dots and underscores." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:193 sssd.conf.5.xml:2014 +msgid "re_expression (string)" +msgstr "re_expression (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:201 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN " +"SECTIONS for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:210 sssd.conf.5.xml:2065 +msgid "full_name_format (string)" +msgstr "full_name_format (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:213 sssd.conf.5.xml:2068 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:224 sssd.conf.5.xml:2079 +msgid "%1$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:225 sssd.conf.5.xml:2080 +msgid "user name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:228 sssd.conf.5.xml:2083 +msgid "%2$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:231 sssd.conf.5.xml:2086 +msgid "domain name as specified in the SSSD config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:237 sssd.conf.5.xml:2092 +msgid "%3$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:240 sssd.conf.5.xml:2095 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:221 sssd.conf.5.xml:2076 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:250 +msgid "" +"Each domain can have an individual format string configured. see DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:256 +msgid "try_inotify (boolean)" +msgstr "try_inotify (boolean)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:259 +msgid "" +"SSSD monitors the state of resolv.conf to identify when it needs to update " +"its internal DNS resolver. By default, we will attempt to use inotify for " +"this, and will fall back to polling resolv.conf every five seconds if " +"inotify cannot be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:267 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:273 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:277 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:284 +msgid "krb5_rcache_dir (string)" +msgstr "krb5_rcache_dir (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:287 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:291 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:297 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:312 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:317 +msgid "default_domain_suffix (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:320 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:330 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498 +#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:609 +#: sssd-ad.5.xml:679 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550 +#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216 +msgid "Default: not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:344 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:347 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:356 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:364 +msgid "Default: not set (spaces will not be replaced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:369 +#, fuzzy +#| msgid "re_expression (string)" +msgid "certificate_verification (string)" +msgstr "re_expression (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:377 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:379 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:389 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "Default: not set, i.e. do not restrict certificate vertification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:130 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:404 +msgid "SERVICES SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:406 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:413 +msgid "General service configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:415 +msgid "These options can be used to configure any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:432 +msgid "fd_limit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:435 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:444 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:449 +msgid "client_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:452 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:459 sssd.conf.5.xml:475 sssd.conf.5.xml:507 +#: sssd.conf.5.xml:765 sssd.conf.5.xml:957 sssd.conf.5.xml:1347 +#: sssd-ldap.5.xml:1237 +msgid "Default: 60" +msgstr "Padrão: 60" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:464 sssd.conf.5.xml:1336 +msgid "force_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:467 sssd.conf.5.xml:1339 +msgid "" +"If a service is not responding to ping checks (see the <quote>timeout</" +"quote> option), it is first sent the SIGTERM signal that instructs it to " +"quit gracefully. If the service does not terminate after " +"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " +"by sending a SIGKILL signal." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:480 +msgid "offline_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:483 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. This " +"value is in seconds and calculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:490 +msgid "offline_timeout + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "" +"The random offset can increment up to 30 seconds. After each unsuccessful " +"attempt to go online, the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:498 +msgid "new_interval = old_interval*2 + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"Note that the maximum length of each interval is currently limited to one " +"hour. If the calculated length of new_interval is greater than an hour, it " +"will be forced to one hour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:512 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:515 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:521 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:524 +msgid "ldap_purge_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:527 sssd-ldap.5.xml:1054 +msgid "ldap_use_tokengroups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "ldap_user_principal" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:535 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:533 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:539 sssd.conf.5.xml:1001 sssd.conf.5.xml:1026 +#: sssd.conf.5.xml:1045 sssd.conf.5.xml:1330 sssd-ldap.5.xml:1793 +msgid "Default: none" +msgstr "Padrão: none" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:547 +msgid "NSS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:549 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "enum_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:557 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:561 +msgid "Default: 120" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:566 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:569 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:575 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:585 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:593 +msgid "Default: 50" +msgstr "Padrão: 50" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:598 +msgid "entry_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:601 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:607 sssd.conf.5.xml:1117 +msgid "Default: 15" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:612 +msgid "filter_users, filter_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:615 +msgid "" +"Exclude certain users from being fetched from the sss NSS database. This is " +"particularly useful for system accounts. This option can also be set per-" +"domain or include fully-qualified names to filter only users from the " +"particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:622 +msgid "Default: root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:627 +msgid "filter_users_in_groups (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:630 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:641 +msgid "fallback_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:644 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:649 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:655 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:653 sssd.conf.5.xml:1020 sssd.conf.5.xml:1039 +#: sssd-krb5.5.xml:533 include/override_homedir.xml:55 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:659 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:665 +msgid "override_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:668 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:674 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:680 +msgid "allowed_shells (string)" +msgstr "allowed_shells (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:683 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:686 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:690 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:695 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:703 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:710 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:713 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:717 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:722 +msgid "vetoed_shells (string)" +msgstr "vetoed_shells (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:725 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:730 +msgid "shell_fallback (string)" +msgstr "shell_fallback (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:733 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "Default: /bin/sh" +msgstr "Padrão: /bin/sh" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +msgid "default_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:745 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:751 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:758 sssd.conf.5.xml:950 +msgid "get_domains_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:761 sssd.conf.5.xml:953 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:770 +msgid "memcache_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:773 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:777 sssd-ldap.5.xml:706 +msgid "Default: 300" +msgstr "Padrão: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:780 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:788 sssd-ifp.5.xml:74 +msgid "user_attributes (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:791 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:804 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:816 +msgid "PAM configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:818 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:823 +msgid "offline_credentials_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:831 sssd.conf.5.xml:844 +msgid "Default: 0 (No limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:837 +msgid "offline_failed_login_attempts (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:840 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:850 +msgid "offline_failed_login_delay (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:853 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:864 sssd.conf.5.xml:917 +msgid "Default: 5" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:870 +msgid "pam_verbosity (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:873 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "Currently sssd supports the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:881 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:888 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:891 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:895 sssd.8.xml:63 +msgid "Default: 1" +msgstr "Padrão: 1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:900 +msgid "pam_id_timeout (integer)" +msgstr "pam_id_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:903 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:923 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "pam_pwd_expiration_warning (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:926 sssd.conf.5.xml:1550 +msgid "Display a warning N days before the password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:929 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:935 sssd.conf.5.xml:1553 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:940 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 sssd.conf.5.xml:2291 sssd.8.xml:79 +msgid "Default: 0" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:962 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:965 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAM responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:971 +msgid "Default: all (All users are allowed to access the PAM responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:975 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:982 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:985 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:989 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:993 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:997 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1006 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1009 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbostiy is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1022 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1031 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1041 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1050 +#, fuzzy +#| msgid "pam_id_timeout (integer)" +msgid "p11_child_timeout (integer)" +msgstr "pam_id_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1053 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1066 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1068 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1085 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1088 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1101 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1103 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1107 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1126 +msgid "SSH configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1128 +msgid "These options can be used to configure the SSH service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1132 +msgid "ssh_hash_known_hosts (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1135 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1144 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1147 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1151 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1156 +#, fuzzy +#| msgid "mail_dir (string)" +msgid "ca_db (string)" +msgstr "mail_dir (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1159 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1164 +#, fuzzy +#| msgid "Default: /etc/krb5.keytab" +msgid "Default: /etc/pki/nssdb" +msgstr "Padrão: /etc/krb5.keytab" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1172 +msgid "PAC responder configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1174 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. " +"If the PAC is decoded and evaluated some of the following operations are " +"done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1183 +msgid "" +"If the remote user does not exist in the cache, it is created. The uid is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"gid will have the same value as the uid. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1191 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1197 +msgid "These options can be used to configure the PAC responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1201 sssd-ifp.5.xml:50 +msgid "allowed_uids (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1204 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1210 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1214 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:1228 +msgid "DOMAIN SECTIONS" +msgstr "SECÇÕES DE DOMÍNIO" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1235 +msgid "min_id,max_id (integer)" +msgstr "min_id,max_id (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1238 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1250 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1254 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "Padrão: 1 para min_id, 0 (sem limite) para max_id" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1260 +msgid "enumerate (bool)" +msgstr "enumerate (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1263 +msgid "" +"Determines if a domain can be enumerated. This parameter can have one of the " +"following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1267 +msgid "TRUE = Users and groups are enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1270 +msgid "FALSE = No enumerations for this domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1273 sssd.conf.5.xml:1505 sssd.conf.5.xml:1672 +msgid "Default: FALSE" +msgstr "Padrão: FALSE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1276 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1289 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1294 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1302 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1310 +msgid "subdomain_enumerate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1317 +msgid "all" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1318 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1321 +msgid "none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1322 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1313 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1353 +msgid "entry_cache_timeout (integer)" +msgstr "entry_cache_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1356 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1360 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1373 +msgid "Default: 5400" +msgstr "Padrão: 5400" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1379 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1382 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1386 sssd.conf.5.xml:1399 sssd.conf.5.xml:1412 +#: sssd.conf.5.xml:1425 sssd.conf.5.xml:1438 sssd.conf.5.xml:1452 +#: sssd.conf.5.xml:1466 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1392 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1395 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1405 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1408 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1418 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1421 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1431 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1444 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1447 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1458 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1472 +msgid "refresh_expired_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1475 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1480 +msgid "" +"The background refresh will process users, groups and netgroups in the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1484 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1488 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227 +msgid "Default: 0 (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1494 +msgid "cache_credentials (bool)" +msgstr "cache_credentials (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1497 +msgid "Determines if user credentials are also cached in the local LDB cache" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1501 +msgid "User credentials are stored in a SHA512 hash, not in plaintext" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1511 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1514 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1521 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1526 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1532 +msgid "account_cache_expiration (integer)" +msgstr "account_cache_expiration (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1535 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1542 +msgid "Default: 0 (unlimited)" +msgstr "Padrão: 0 (ilimitado)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1547 +msgid "pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1558 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1565 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1571 +msgid "id_provider (string)" +msgstr "id_provider (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1574 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1578 +msgid "<quote>proxy</quote>: Support a legacy NSS provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1581 sssd.conf.5.xml:1718 +msgid "<quote>local</quote>: SSSD internal provider for local users" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1585 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1593 sssd.conf.5.xml:1698 sssd.conf.5.xml:1753 +#: sssd.conf.5.xml:1806 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"FreeIPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 sssd.conf.5.xml:1707 sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1815 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "use_fully_qualified_names (bool)" +msgstr "use_fully_qualified_names (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1621 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1629 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1636 +msgid "Default: FALSE (TRUE if default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1642 +msgid "ignore_group_members (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "Do not return group members for group lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1648 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1666 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1677 +msgid "auth_provider (string)" +msgstr "auth_provider (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1680 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 sssd.conf.5.xml:1746 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1691 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1715 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1722 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1725 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1731 +msgid "access_provider (string)" +msgstr "access_provider (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1734 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1740 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1743 +msgid "<quote>deny</quote> always deny access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1770 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1777 +msgid "Default: <quote>permit</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1782 +msgid "chpass_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1785 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1790 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1798 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1823 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1827 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1830 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1837 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1840 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1844 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1852 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1856 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1860 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1863 sssd.conf.5.xml:1941 sssd.conf.5.xml:1982 +#: sssd.conf.5.xml:2007 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1867 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1884 +msgid "selinux_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1887 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1893 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1901 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1904 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1910 +msgid "subdomains_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1913 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1919 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1928 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1937 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1948 +msgid "autofs_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1951 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1955 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1970 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1979 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1989 +msgid "hostid_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1992 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1996 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2004 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2017 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +"P<name>[^@\\\\]+)$))</quote> which allows three different styles for " +"user names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2031 +msgid "username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2034 +msgid "username@domain.name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "domain\\username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2045 +msgid "" +"Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +"which translates to \"the name is everything up to the <quote>@</quote> " +"sign, the domain everything after that\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2051 +msgid "" +"PLEASE NOTE: the support for non-unique named subpatterns is not available " +"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " +"version 7 or higher can support non-unique named subpatterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2058 +msgid "" +"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" +"P<name>) to label subpatterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2105 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "Default: <quote>%1$s@%2$s</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2111 +msgid "lookup_family_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2114 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2118 +msgid "Supported values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2121 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2124 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2127 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2130 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2133 +msgid "Default: ipv4_first" +msgstr "Default: ipv4_first" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2139 +msgid "dns_resolver_timeout (integer)" +msgstr "dns_resolver_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2142 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the DNS " +"resolver before assuming that it is unreachable. If this timeout is reached, " +"the domain will continue to operate in offline mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2148 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263 +#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248 +msgid "Default: 6" +msgstr "Padrão: 6" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2154 +msgid "dns_discovery_domain (string)" +msgstr "dns_discovery_domain (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2157 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2161 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2167 +msgid "override_gid (integer)" +msgstr "override_gid (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2170 +msgid "Override the primary GID value with the one specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2176 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2184 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2187 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2193 +msgid "False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2195 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2199 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2202 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2179 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2214 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2220 +msgid "proxy_fast_alias (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2223 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2237 +msgid "subdomain_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2248 +msgid "%F" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2249 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2240 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2254 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2258 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2263 +msgid "realmd_tags (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2266 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2272 +#, fuzzy +#| msgid "krb5_auth_timeout (integer)" +msgid "cached_auth_timeout (int)" +msgstr "krb5_auth_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2275 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2281 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2285 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1230 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2303 +msgid "proxy_pam_target (string)" +msgstr "proxy_pam_target (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2306 +msgid "The proxy target PAM proxies to." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2309 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2317 +msgid "proxy_lib_name (string)" +msgstr "proxy_lib_name (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2320 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2299 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" id=" +"\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2332 +msgid "The local domain section" +msgstr "A secção de domínio local" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2334 +msgid "" +"This section contains settings for domain that stores users and groups in " +"SSSD native database, that is, a domain that uses " +"<replaceable>id_provider=local</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2341 +msgid "default_shell (string)" +msgstr "default_shell (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2344 +msgid "The default shell for users created with SSSD userspace tools." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2348 +msgid "Default: <filename>/bin/bash</filename>" +msgstr "Padrão: <filename>bash/bin/bash</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2353 +msgid "base_directory (string)" +msgstr "base_directory (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2356 +msgid "" +"The tools append the login name to <replaceable>base_directory</replaceable> " +"and use that as the home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2361 +msgid "Default: <filename>/home</filename>" +msgstr "Padrão: <filename>/ home</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2366 +msgid "create_homedir (bool)" +msgstr "create_homedir (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2369 +msgid "" +"Indicate if a home directory should be created by default for new users. " +"Can be overridden on command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2373 sssd.conf.5.xml:2385 +msgid "Default: TRUE" +msgstr "Padrão: TRUE" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2378 +msgid "remove_homedir (bool)" +msgstr "remove_homedir (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2381 +msgid "" +"Indicate if a home directory should be removed by default for deleted " +"users. Can be overridden on command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2390 +msgid "homedir_umask (integer)" +msgstr "homedir_umask (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2393 +msgid "" +"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " +"on a newly created home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2401 +msgid "Default: 077" +msgstr "Padrão: 077" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2406 +msgid "skel_dir (string)" +msgstr "skel_dir (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2409 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2419 +msgid "Default: <filename>/etc/skel</filename>" +msgstr "Padrão: <filename>skel/etc/skel</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2424 +msgid "mail_dir (string)" +msgstr "mail_dir (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2427 +msgid "" +"The mail spool directory. This is needed to manipulate the mailbox when its " +"corresponding user account is modified or deleted. If not specified, a " +"default value is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2434 +msgid "Default: <filename>/var/mail</filename>" +msgstr "Padrão: <filename>mail/var/mail</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2439 +msgid "userdel_cmd (string)" +msgstr "userdel_cmd (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2442 +msgid "" +"The command that is run after a user is removed. The command us passed the " +"username of the user being removed as the first and only parameter. The " +"return code of the command is not taken into account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2448 +msgid "Default: None, no command is run" +msgstr "Padrão: None, nenhum comando é executado" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2458 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131 +#: sssd-ipa.5.xml:717 sssd-ad.5.xml:955 sssd-krb5.5.xml:564 +#: sss_rpcidmapd.5.xml:98 +msgid "EXAMPLE" +msgstr "EXEMPLO" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:2464 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2460 +msgid "" +"The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "sssd-ldap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. If the LDAP server is used only as an identity " +"provider, an encrypted channel is not needed. Please refer to " +"<quote>ldap_access_filter</quote> config option for more information about " +"using LDAP as an access provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 +msgid "CONFIGURATION OPTIONS" +msgstr "OPÇÕES DE CONFIGURAÇÃO" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:60 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:63 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:73 +msgid "ldap[s]://<host>[:port]" +msgstr "ldap[s]://<host>[:port]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:76 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:79 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:85 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:88 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:99 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "Padrão: empty, ou seja, ldap_uri é usado." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:105 +msgid "ldap_search_base (string)" +msgstr "ldap_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:108 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:112 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:116 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220 +#: sss_override.8.xml:135 sss_override.8.xml:232 +msgid "Examples:" +msgstr "Exemplos:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:129 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:134 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:137 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:158 +msgid "ldap_schema (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:161 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "Four schema types are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:172 +msgid "rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:177 +msgid "rfc2307bis" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:182 +msgid "IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:187 +msgid "AD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:193 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:203 +msgid "Default: rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:209 +msgid "ldap_default_bind_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:212 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:219 +msgid "ldap_default_authtok_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:222 +msgid "The type of the authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:226 +msgid "The two mechanisms currently supported are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:229 +msgid "password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:232 +msgid "obfuscated_password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:235 +msgid "Default: password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:241 +msgid "ldap_default_authtok (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:244 +msgid "" +"The authentication token of the default bind DN. Only clear text passwords " +"are currently supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:251 +msgid "ldap_user_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:254 +msgid "The object class of a user entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "Default: posixAccount" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:263 +msgid "ldap_user_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:266 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:270 +msgid "Default: uid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:276 +msgid "ldap_user_uid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:279 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "Default: uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:289 +msgid "ldap_user_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:292 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:863 +msgid "Default: gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:302 +msgid "ldap_user_gecos (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:305 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:309 +msgid "Default: gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:315 +msgid "ldap_user_home_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:318 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "Default: homeDirectory" +msgstr "Padrão: homeDirectory" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:328 +msgid "ldap_user_shell (string)" +msgstr "ldap_user_shell (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:331 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:335 +msgid "Default: loginShell" +msgstr "Padrão: diret" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:341 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:344 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:889 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:355 +msgid "ldap_user_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:358 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:363 sssd-ldap.5.xml:904 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:370 +msgid "ldap_user_modify_timestamp (string)" +msgstr "ldap_user_modify_timestamp (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144 +msgid "Default: modifyTimestamp" +msgstr "Padrão: modifyTimestamp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:383 +msgid "ldap_user_shadow_last_change (string)" +msgstr "ldap_user_shadow_last_change (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:396 +msgid "Default: shadowLastChange" +msgstr "Padrão: shadowLastChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:402 +msgid "ldap_user_shadow_min (string)" +msgstr "ldap_user_shadow_min (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:405 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: shadowMin" +msgstr "Padrão: shadowMin" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_user_shadow_max (string)" +msgstr "ldap_user_shadow_max (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:432 +msgid "Default: shadowMax" +msgstr "Padrão: shadowMax" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:438 +msgid "ldap_user_shadow_warning (string)" +msgstr "ldap_user_shadow_warning (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:441 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:451 +msgid "Default: shadowWarning" +msgstr "Padrão: shadowWarning" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:457 +msgid "ldap_user_shadow_inactive (string)" +msgstr "ldap_user_shadow_inactive (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:460 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:470 +msgid "Default: shadowInactive" +msgstr "Padrão: shadowInactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:476 +msgid "ldap_user_shadow_expire (string)" +msgstr "ldap_user_shadow_expire (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:479 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:489 +msgid "Default: shadowExpire" +msgstr "Padrão: shadowExpire" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:495 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "ldap_user_krb_last_pwd_change (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:498 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "Default: krbLastPwdChange" +msgstr "Padrão: krbLastPwdChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:510 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "ldap_user_krb_password_expiration (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:513 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:519 +msgid "Default: krbPasswordExpiration" +msgstr "Padrão: krbPasswordExpiration" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:525 +msgid "ldap_user_ad_account_expires (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:528 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:533 +msgid "Default: accountExpires" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:539 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:542 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:547 +msgid "Default: userAccountControl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:553 +msgid "ldap_ns_account_lock (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:556 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:561 +msgid "Default: nsAccountLock" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:567 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:570 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:574 sssd-ldap.5.xml:588 +msgid "Default: loginDisabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:580 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:583 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:602 +msgid "Default: loginAllowedTimeMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:608 +msgid "ldap_user_principal (string)" +msgstr "ldap_user_principal (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:611 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:615 +msgid "Default: krbPrincipalName" +msgstr "Padrão: krbPrincipalName" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:621 +msgid "ldap_user_extra_attrs (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:624 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:629 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:639 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:649 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:652 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:656 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:659 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:669 +msgid "ldap_user_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:672 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:676 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:682 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "ldap_force_upper_case_realm (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:685 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:698 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "ldap_enumeration_refresh_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:701 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:712 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:715 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:721 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:736 +msgid "ldap_user_fullname (string)" +msgstr "ldap_user_fullname (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:739 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590 +msgid "Default: cn" +msgstr "Padrão: NC" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:749 +msgid "ldap_user_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:752 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:756 +msgid "Default: memberOf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:762 +msgid "ldap_user_authorized_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:765 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:772 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:777 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:784 +msgid "Default: authorizedService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:790 +msgid "ldap_user_authorized_host (string)" +msgstr "ldap_user_authorized_host (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:793 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:799 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:811 +msgid "Default: host" +msgstr "Padrão: host" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:817 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:820 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:824 +msgid "Default: no set in the general case, userCertificate;binary for IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:831 +msgid "ldap_group_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:834 +msgid "The object class of a group entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:837 +msgid "Default: posixGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:843 +msgid "ldap_group_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:846 +msgid "The LDAP attribute that corresponds to the group name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:856 +msgid "ldap_group_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:859 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:869 +msgid "ldap_group_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:872 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:876 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:882 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:885 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:896 +msgid "ldap_group_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:899 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_group_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:924 +msgid "ldap_group_type (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:927 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:938 +msgid "Default: groupType in the AD provider, othewise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:945 +#, fuzzy +#| msgid "ldap_group_search_base (string)" +msgid "ldap_group_external_member (string)" +msgstr "ldap_group_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:948 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:961 +msgid "ldap_group_nesting_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:964 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:980 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:989 +msgid "Default: 2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:995 +msgid "ldap_groups_use_matching_rule_in_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:998 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which may speed up group lookup operations on deployments with " +"complex or deep nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1004 +msgid "" +"In most common cases, it is best to leave this option disabled. It generally " +"only provides a performance increase on very complex nestings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036 +msgid "" +"If this option is enabled, SSSD will use it if it detects that the server " +"supports it during initial connection. So \"True\" here essentially means " +"\"auto-detect\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042 +msgid "" +"Note: This feature is currently known to work only with Active Directory " +"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" +"windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " +"for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048 sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866 include/ldap_id_mapping.xml:244 +msgid "Default: False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1027 +msgid "ldap_initgroups_use_matching_rule_in_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1030 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which might speed up initgroups operations (most notably when " +"dealing with complex or deep nested groups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1057 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1062 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1068 +msgid "ldap_netgroup_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1071 +msgid "The object class of a netgroup entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1074 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1078 +msgid "Default: nisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1084 +msgid "ldap_netgroup_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1087 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1101 +msgid "ldap_netgroup_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1104 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1108 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "Default: memberNisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1118 +msgid "ldap_netgroup_triple (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1121 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1128 +msgid "Default: nisNetgroupTriple" +msgstr "Padrão: nisNetgroupTriple" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1134 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "ldap_netgroup_modify_timestamp (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1150 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1153 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1156 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1162 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1165 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1175 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1178 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1182 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1188 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1191 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1201 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1206 +msgid "ldap_search_timeout (integer)" +msgstr "ldap_search_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1209 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1215 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1227 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1230 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1243 +msgid "ldap_network_timeout (integer)" +msgstr "ldap_network_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1246 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1269 +msgid "ldap_opt_timeout (integer)" +msgstr "ldap_opt_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1287 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1290 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1304 +msgid "ldap_page_size (integer)" +msgstr "ldap_page_size (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1307 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1312 +msgid "Default: 1000" +msgstr "Padrão: 1000" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1318 +msgid "ldap_disable_paging (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1321 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1327 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1333 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1345 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1348 +msgid "Disable Active Directory range retrieval." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1351 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1366 +msgid "ldap_sasl_minssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1369 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1375 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1382 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1391 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1395 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1403 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1416 +msgid "ldap_tls_reqcert (string)" +msgstr "ldap_tls_reqcert (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1419 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1425 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" +"<emphasis>never</emphasis> = O cliente não irá solicitar ou verificar " +"qualquer certificado de servidor." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1429 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1436 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1442 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1448 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1452 +msgid "Default: hard" +msgstr "Padrão: hard" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1458 +msgid "ldap_tls_cacert (string)" +msgstr "ldap_tls_cacert (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1461 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1473 +msgid "ldap_tls_cacertdir (string)" +msgstr "ldap_tls_cacertdir (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1476 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1491 +msgid "ldap_tls_cert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1504 +msgid "ldap_tls_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "Specifies the file that contains the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1516 +msgid "ldap_tls_cipher_suite (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1519 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1532 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "ldap_id_use_start_tls (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1535 +msgid "" +"Specifies that the id_provider connection must also use <systemitem class=" +"\"protocol\">tls</systemitem> to protect the channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1545 +msgid "ldap_id_mapping (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1548 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1564 +msgid "ldap_min_id, ldap_max_id (interger)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1567 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1579 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1585 +msgid "ldap_sasl_mech (string)" +msgstr "ldap_sasl_mech (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1588 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI is tested and " +"supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1598 +msgid "ldap_sasl_authid (string)" +msgstr "ldap_sasl_authid (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1601 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI is used, this " +"represents the Kerberos principal used for authentication to the directory. " +"This option can either contain the full principal (for example host/" +"myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1609 +msgid "Default: host/hostname@REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1615 +msgid "ldap_sasl_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1624 +msgid "Default: the value of krb5_realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1630 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "ldap_sasl_canonicalize (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1633 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1638 +msgid "Default: false;" +msgstr "Padrão: false;" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1644 +msgid "ldap_krb5_keytab (string)" +msgstr "ldap_krb5_keytab (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "Specify the keytab to use when using SASL/GSSAPI." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" +"Padrão: Sistema keytab, normalmente <filename>/etc/krb5.keytab</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "ldap_krb5_init_creds (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1671 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "ldap_krb5_ticket_lifetime (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1674 +msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:849 +msgid "Default: 86400 (24 hours)" +msgstr "Padrão: 86400 (24 horas)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "krb5_realm (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1719 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462 +msgid "krb5_canonicalize (boolean)" +msgstr "krb5_canonicalize (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1768 +msgid "ldap_pwd_policy (string)" +msgstr "ldap_pwd_policy (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1781 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1787 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1796 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1804 +msgid "ldap_referrals (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1807 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1811 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1816 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1830 +msgid "ldap_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1833 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 +msgid "Default: ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1843 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1846 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1851 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1857 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1872 +msgid "ldap_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1875 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Example:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1898 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1902 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice-versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972 +msgid "Default: Empty" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_account_expire_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1924 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1928 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1935 +msgid "The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1943 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1950 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1956 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1965 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1978 +msgid "ldap_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1981 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1985 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1988 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1998 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2005 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2022 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2026 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2036 +msgid "" +"The difference between these options is the action taken if user password is " +"expired: pwd_expire_policy_reject - user is denied to log in, " +"pwd_expire_policy_warn - user is still able to log in, " +"pwd_expire_policy_renew - user is prompted to change his password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2044 +msgid "" +"Note If user password is expired no explicit message is prompted by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2048 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2053 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2058 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2062 +msgid "Default: filter" +msgstr "Padrão: filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2065 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2072 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2075 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2083 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2086 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2092 +msgid "ldap_deref (string)" +msgstr "ldap_deref (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2095 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2100 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2104 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2109 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2114 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2119 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2127 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2130 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2134 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2145 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136 +#, fuzzy +#| msgid "ldap_opt_timeout (integer)" +msgid "wildcart_limit (integer)" +msgstr "ldap_opt_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2160 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2164 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2168 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:51 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2178 +msgid "SUDO OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2180 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2191 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2194 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2197 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2203 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2206 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2216 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2219 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2223 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2229 +msgid "ldap_sudorule_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2232 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2237 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2243 +msgid "ldap_sudorule_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2246 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2250 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2256 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2259 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2263 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2269 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2272 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2276 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2282 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2285 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2289 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2295 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2298 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2302 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2308 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2311 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2316 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2322 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2325 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2329 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2335 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2338 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2343 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2348 +msgid "Default: 21600 (6 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2354 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2357 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest USN " +"of cached rules)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2363 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2373 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2376 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2387 +msgid "ldap_sudo_hostnames (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2390 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2395 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441 +#: sssd-ldap.5.xml:2459 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428 +msgid "Default: not specified" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2411 +msgid "ldap_sudo_ip (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2414 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2419 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2434 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2437 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2452 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2455 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2471 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2481 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2483 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2489 +msgid "ldap_autofs_map_master_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2492 +msgid "The name of the automount master map in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2495 +msgid "Default: auto.master" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2502 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2505 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2508 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2515 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2518 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2521 +msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2529 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2532 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2537 +#, fuzzy +#| msgid "Default: none" +msgid "Default: automount" +msgstr "Padrão: none" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2544 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2551 +msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2559 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2566 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2487 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2576 +msgid "ADVANCED OPTIONS" +msgstr "OPÇÕES AVANÇADAS" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2583 +msgid "ldap_netgroup_search_base (string)" +msgstr "ldap_netgroup_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2588 +msgid "ldap_user_search_base (string)" +msgstr "ldap_user_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2593 +msgid "ldap_group_search_base (string)" +msgstr "ldap_group_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:2598 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:2600 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no gid mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:2607 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2609 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2614 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2578 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2631 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2637 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:725 sssd-ad.5.xml:963 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 +#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2648 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2650 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2655 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-simple.5.xml:148 sssd-ad.5.xml:978 sssd.8.xml:195 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "NOTAS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2672 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" + +#. type: Content of: <refentryinfo> +#: pam_sss.8.xml:8 include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - http://" +"fedorahosted.org/sssd</orgname>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:13 pam_sss.8.xml:18 +msgid "pam_sss" +msgstr "pam_sss" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:19 +msgid "PAM module for SSSD" +msgstr "Módulo PAM para SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:24 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:54 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:64 +msgid "<option>quiet</option>" +msgstr "<option>quiet</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:67 +msgid "Suppress log messages for unknown users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:72 +msgid "<option>forward_pass</option>" +msgstr "<option>forward_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:75 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>use_first_pass</option>" +msgstr "<option>use_first_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:93 +msgid "<option>use_authtok</option>" +msgstr "<option>use_authtok</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:96 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>retry=N</option>" +msgstr "<option>retry=N</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:108 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:117 +msgid "<option>ignore_unknown_user</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:120 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:131 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:138 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:142 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:148 +msgid "" +"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> " +"and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:164 +msgid "MODULE TYPES PROVIDED" +msgstr "MÓDULOS TIPO FORNECIDOS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:165 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:171 +msgid "FILES" +msgstr "FICHEIROS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:172 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:177 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:187 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "sssd_krb5_locator_plugin" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " +"libraries what Realm and which KDC to use. Typically this is done in " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> which is always read by the Kerberos libraries. " +"To simplify the configuration the Realm and the KDC can be defined in " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> as described in <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:48 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> puts the Realm and the name or IP address of the KDC into " +"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " +"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " +"libraries it reads and evaluates these variables and returns them to the " +"libraries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:69 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "sssd-simple" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:78 +msgid "ipa_domain (string)" +msgstr "ipa_domain (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:81 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:89 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:92 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:105 +msgid "ipa_hostname (string)" +msgstr "ipa_hostname (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:108 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:116 sssd-ad.5.xml:780 +msgid "dyndns_update (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:119 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA v2 with the IP address of this client. The update is " +"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " +"for the updates, if it is not otherwise specified by using the " +"<quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:128 sssd-ad.5.xml:794 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:133 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:145 sssd-ad.5.xml:805 +msgid "dyndns_ttl (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:148 sssd-ad.5.xml:808 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:153 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Default: 1200 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:165 sssd-ad.5.xml:819 +msgid "dyndns_iface (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 sssd-ad.5.xml:822 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:175 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:185 sssd-ad.5.xml:833 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:191 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160 +msgid "Enables DNS sites - location based service discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example.com" +"\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:217 sssd-ad.5.xml:839 +msgid "dyndns_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:220 sssd-ad.5.xml:842 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:233 sssd-ad.5.xml:855 +msgid "dyndns_update_ptr (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:236 sssd-ad.5.xml:858 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:247 +msgid "Default: False (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:253 sssd-ad.5.xml:869 +msgid "dyndns_force_tcp (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:256 sssd-ad.5.xml:872 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:876 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 sssd-ad.5.xml:882 +#, fuzzy +#| msgid "id_provider (string)" +msgid "dyndns_server (string)" +msgstr "id_provider (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 sssd-ad.5.xml:885 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 sssd-ad.5.xml:890 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:895 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 sssd-ad.5.xml:900 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:290 +msgid "ipa_hbac_search_base (string)" +msgstr "ipa_hbac_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:293 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:297 +msgid "Default: Use base DN" +msgstr "Default: Use base DN" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 sssd-ipa.5.xml:329 sssd-ipa.5.xml:348 sssd-ipa.5.xml:367 +#: sssd-ipa.5.xml:386 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ipa.5.xml:315 sssd-ipa.5.xml:334 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:322 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:325 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:341 +msgid "ipa_subdomains_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:344 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:353 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:360 +msgid "ipa_master_domain_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:363 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:372 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:379 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:382 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:391 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:398 sssd-krb5.5.xml:254 +msgid "krb5_validate (boolean)" +msgstr "krb5_validate (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:401 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:408 sssd-ad.5.xml:921 +msgid "" +"Note that this default differs from the traditional Kerberos provider back " +"end." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:433 +msgid "" +"Specifies if the host and user principal should be canonicalized when " +"connecting to IPA LDAP and also for AS requests. This feature is available " +"with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 sssd-krb5.5.xml:416 +msgid "krb5_use_fast (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 sssd-krb5.5.xml:419 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:454 +msgid "<emphasis>never</emphasis> use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:457 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it. This is equivalent to not setting " +"this option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:463 sssd-krb5.5.xml:433 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:468 +msgid "Default: try" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 sssd-krb5.5.xml:444 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:480 sssd-ad.5.xml:928 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 sssd-ad.5.xml:931 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:487 sssd-ad.5.xml:935 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 sssd-ad.5.xml:939 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:498 +msgid "ipa_hbac_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:501 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355 +msgid "Default: 5 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:514 +msgid "ipa_hbac_selinux (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:517 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:530 +msgid "ipa_server_mode (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:533 +msgid "This option should only be set by the IPA installer." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:537 +msgid "" +"The option denotes that the SSSD is running on IPA server and should perform " +"lookups of users and groups from trusted domains differently." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:548 +msgid "ipa_automount_location (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:551 +msgid "The automounter location this IPA client will be using" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:554 +msgid "Default: The location named \"default\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:562 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:571 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:577 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:583 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:586 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:596 +msgid "ipa_overide_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:599 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:602 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:608 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:611 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:615 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:621 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:624 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:632 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:635 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:638 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:641 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:647 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:650 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:655 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:661 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:664 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:669 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:672 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:675 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:680 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:564 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:690 +msgid "SUBDOMAINS PROVIDER" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:692 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:696 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:702 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:719 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:726 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:41 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:45 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:51 +msgid "" +"The AD provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:63 +msgid "" +"However, it is neither necessary nor recommended to set these options. The " +"AD provider can also be used as an access, chpass, sudo and autofs provider. " +"No configuration of the access provider is required on the client side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:75 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " +"and groups using POSIX attributes from trusted domains, the AD administrator " +"must make sure that the POSIX attributes are replicated to the Global " +"Catalog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:82 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:97 +msgid "ad_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:100 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:105 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:110 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:117 +msgid "ad_server, ad_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:120 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:127 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:132 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:140 +msgid "ad_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:143 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the Active Directory domain to identify this " +"host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:149 +msgid "" +"This field is used to determine the host principal in use in the keytab. It " +"must match the hostname for which the keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:157 +msgid "ad_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:164 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:180 +msgid "ad_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:191 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:199 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:207 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:212 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:223 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:233 sssd-ad.5.xml:247 +msgid "Default: Not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:239 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:253 +msgid "ad_enable_gc (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:256 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:264 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:278 +msgid "ad_gpo_access_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:281 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to a particular host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:296 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:309 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:313 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:319 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:325 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "Default: permissive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:339 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:345 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:348 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:361 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:364 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:370 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:384 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:388 sssd-ad.5.xml:479 sssd-ad.5.xml:525 sssd-ad.5.xml:570 +#: sssd-ad.5.xml:636 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:392 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:397 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:402 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:407 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:412 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:417 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:422 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:427 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:432 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:437 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:442 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:451 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:460 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:475 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:466 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:483 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:488 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:497 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:500 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:506 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:521 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:512 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:529 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:534 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:543 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:546 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:552 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:566 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:557 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:574 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:583 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:586 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:605 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:597 sssd-ad.5.xml:667 +msgid "" +"It is possible to add a PAM service name to the default set by using <quote>" +"+service_name</quote>. Since the default set is empty, it is not possible " +"to remove a PAM service name from the default set. For example, in order to " +"add a custom pam service name (e.g. <quote>my_pam_service</quote>), you " +"would use the following configuration: <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:615 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:618 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:632 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:623 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:640 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:645 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:650 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:659 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:662 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:675 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:685 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:688 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:701 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:705 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:710 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:715 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:720 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:725 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:730 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:735 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:741 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:747 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:750 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:756 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 30 days" +msgstr "Padrão: 300" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:762 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:765 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expect 2 integers seperated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the inital timeout in seconds before the task is run for the first " +"time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +#, fuzzy +#| msgid "Default: 86400 (24 hours)" +msgid "Default: 86400:750 (24h and 15m)" +msgstr "Padrão: 86400 (24 horas)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:783 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:813 +msgid "Default: 3600 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:829 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:863 sss_rpcidmapd.5.xml:76 +msgid "Default: True" +msgstr "Padrão: TRUE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:909 sssd-krb5.5.xml:505 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:912 sssd-krb5.5.xml:508 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:957 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:964 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:984 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:980 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:990 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:998 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:112 +msgid "" +"When the SSSD is configured to use IPA as the ID provider, the sudo provider " +"is automatically enabled. The sudo search base is configured to use the " +"compat tree (ou=sudoers,$DC)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:119 +msgid "The SUDO rule caching mechanism" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:121 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:129 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:135 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:143 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:159 +msgid "keyword ALL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:164 +msgid "wildcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:169 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:174 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:179 +msgid "one of the IP addresses of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:184 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:190 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "sssd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "Daemon de serviços de segurança do sistema" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>-f</option>,<option>--debug-to-files</option>" +msgstr "<option>-f</option>,<option>--debug-to-files</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "" +"Send the debug output to files instead of stderr. By default, the log files " +"are stored in <filename>/var/log/sssd</filename> and there are separate log " +"files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:97 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "<option>-D</option>,<option>--daemon</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:101 +msgid "Become a daemon after starting up." +msgstr "Tornar-se um daemon após a instalação." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:107 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "<option>-i</option>,<option>--interactive</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:111 +msgid "Run in the foreground, don't become a daemon." +msgstr "Executar em primeiro plano, não se torne um daemon." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:117 sss_debuglevel.8.xml:42 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "<option>-c</option>,<option>--config</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:121 sss_debuglevel.8.xml:46 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "<option>--version</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "Imprimir o número da versão e sair." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:147 +msgid "Signals" +msgstr "Sinais" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "SIGTERM/SIGINT" +msgstr "SIGTERM/SIGINT" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:153 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:159 +msgid "SIGHUP" +msgstr "SIGHUP" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:162 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:170 +msgid "SIGUSR1" +msgstr "SIGUSR1" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:173 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:182 +msgid "SIGUSR2" +msgstr "SIGUSR2" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:185 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:197 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "sss_obfuscate" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "ofuscar uma senha de texto não criptografado" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "<option>-s</option>,<option>--stdin</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +#, fuzzy +#| msgid "sss_usermod" +msgid "sss_override" +msgstr "sss_usermod" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +#, fuzzy +#| msgid "" +#| "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +#| "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#| "arg>" +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" +"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:50 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:52 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:59 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:70 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:78 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:83 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:92 +#, fuzzy +#| msgid "" +#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +#| "replaceable>" +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:97 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:105 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:110 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:116 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:121 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:126 +msgid "original_name:name:uid:gid:gecos:home:shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:138 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:141 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:147 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:152 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:160 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:167 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:175 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:180 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:189 +#, fuzzy +#| msgid "" +#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +#| "replaceable>" +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:194 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:202 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:207 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:213 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:218 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:223 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:235 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:238 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:244 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:249 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:259 +#, fuzzy +#| msgid "CONFIGURATION OPTIONS" +msgid "COMMON OPTIONS" +msgstr "OPÇÕES DE CONFIGURAÇÃO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:261 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:266 +#, fuzzy +#| msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_useradd.8.xml:10 sss_useradd.8.xml:15 +msgid "sss_useradd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_useradd.8.xml:16 +msgid "create a new user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_useradd.8.xml:21 +msgid "" +"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_useradd.8.xml:32 +msgid "" +"<command>sss_useradd</command> creates a new user account using the values " +"specified on the command line plus the default values from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:43 sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:48 +msgid "" +"Set the UID of the user to the value of <replaceable>UID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:72 +msgid "" +"The home directory of the user account. The default is to append the " +"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " +"that as the home directory. The base that is prepended before " +"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" +"baseDirectory</quote> setting in sssd.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:87 +msgid "" +"The user's login shell. The default is currently <filename>/bin/bash</" +"filename>. The default can be changed with <quote>user_defaults/" +"defaultShell</quote> setting in sssd.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:96 +msgid "" +"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:101 +msgid "A list of existing groups this user is also a member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:107 +msgid "<option>-m</option>,<option>--create-home</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:111 +msgid "" +"Create the user's home directory if it does not exist. The files and " +"directories contained in the skeleton directory (which can be defined with " +"the -k option or in the config file) will be copied to the home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:121 +msgid "<option>-M</option>,<option>--no-create-home</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:125 +msgid "" +"Do not create the user's home directory. Overrides configuration settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:132 +msgid "" +"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:137 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<command>sss_useradd</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:143 +msgid "" +"Special files (block devices, character devices, named pipes and unix " +"sockets) will not be copied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:147 +msgid "" +"This option is only valid if the <option>-m</option> (or <option>--create-" +"home</option>) option is specified, or creation of home directories is set " +"to TRUE in the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:156 sss_usermod.8.xml:124 +msgid "" +"<option>-Z</option>,<option>--selinux-user</option> " +"<replaceable>SELINUX_USER</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:161 +msgid "" +"The SELinux user for the user's login. If not specified, the system default " +"will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>.k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "Padrão: Usar o KDC" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "krb5_ccachedir (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "Padrão: /tmp." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "krb5_ccname_template (string)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "%u" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "nome de login" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "%U" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "%p" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "nome principal" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "%r" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "nome de território" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 +msgid "%h" +msgstr "%h" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108 +msgid "home directory" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "%d" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:27 +msgid "%P" +msgstr "%P" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:45 +msgid "%%" +msgstr "%%" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:46 +msgid "a literal '%'" +msgstr "um literal '%'" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_auth_timeout (integer)" +msgstr "krb5_auth_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:257 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:272 +msgid "krb5_keytab (string)" +msgstr "krb5_keytab (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:275 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:279 +msgid "Default: /etc/krb5.keytab" +msgstr "Padrão: /etc/krb5.keytab" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:285 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "krb5_store_password_if_offline (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:288 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:293 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:306 +msgid "krb5_renewable_lifetime (string)" +msgstr "krb5_renewable_lifetime (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:309 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:351 sssd-krb5.5.xml:388 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:320 sssd-krb5.5.xml:354 sssd-krb5.5.xml:391 +msgid "<emphasis>h</emphasis> for hours" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:323 sssd-krb5.5.xml:357 sssd-krb5.5.xml:394 +msgid "<emphasis>d</emphasis> for days." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:326 sssd-krb5.5.xml:397 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:330 sssd-krb5.5.xml:401 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:335 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "Padrão: não definido, ou seja, o TGT não é renovável" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:341 +msgid "krb5_lifetime (string)" +msgstr "krb5_lifetime (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:344 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:360 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:364 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:369 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:376 +msgid "krb5_renew_interval (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:379 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:406 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:424 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:428 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:438 +msgid "Default: not set, i.e. FAST is not used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "NOTE: a keytab is required to use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:453 +msgid "krb5_fast_principal (string)" +msgstr "krb5_fast_principal (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:456 +msgid "Specifies the server principal to use for FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:465 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:514 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:520 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:523 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:535 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:540 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:566 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:574 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 +msgid "sss_groupadd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupadd.8.xml:16 +msgid "create a new group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupadd.8.xml:21 +msgid "" +"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupadd.8.xml:32 +msgid "" +"<command>sss_groupadd</command> creates a new group. These groups are " +"compatible with POSIX groups, with the additional feature that they can " +"contain other groups as members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupadd.8.xml:43 sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupadd.8.xml:48 +msgid "" +"Set the GID of the group to the value of <replaceable>GID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_userdel.8.xml:10 sss_userdel.8.xml:15 +msgid "sss_userdel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_userdel.8.xml:16 +msgid "delete a user account" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_userdel.8.xml:21 +msgid "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_userdel.8.xml:32 +msgid "" +"<command>sss_userdel</command> deletes a user identified by login name " +"<replaceable>LOGIN</replaceable> from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:44 +msgid "<option>-r</option>,<option>--remove</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:48 +msgid "" +"Files in the user's home directory will be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:56 +msgid "<option>-R</option>,<option>--no-remove</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:60 +msgid "" +"Files in the user's home directory will NOT be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:68 +msgid "<option>-f</option>,<option>--force</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:72 +msgid "" +"This option forces <command>sss_userdel</command> to remove the user's home " +"directory and mail spool, even if they are not owned by the specified user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:80 +msgid "<option>-k</option>,<option>--kick</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:84 +msgid "Before actually deleting the user, terminate all his processes." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 +msgid "sss_groupdel" +msgstr "sss_groupdel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupdel.8.xml:16 +msgid "delete a group" +msgstr "excluir um grupo" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupdel.8.xml:21 +msgid "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupdel.8.xml:32 +msgid "" +"<command>sss_groupdel</command> deletes a group identified by its name " +"<replaceable>GROUP</replaceable> from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 +msgid "sss_groupshow" +msgstr "sss_groupshow" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupshow.8.xml:16 +msgid "print properties of a group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupshow.8.xml:21 +msgid "" +"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupshow.8.xml:32 +msgid "" +"<command>sss_groupshow</command> displays information about a group " +"identified by its name <replaceable>GROUP</replaceable>. The information " +"includes the group ID number, members of the group and the parent group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupshow.8.xml:43 +msgid "<option>-R</option>,<option>--recursive</option>" +msgstr "<option>-R</option>,<option>--recursive</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupshow.8.xml:47 +msgid "" +"Also print indirect group members in a tree-like hierarchy. Note that this " +"also affects printing parent groups - without <option>R</option>, only the " +"direct parent will be printed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_usermod.8.xml:10 sss_usermod.8.xml:15 +msgid "sss_usermod" +msgstr "sss_usermod" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_usermod.8.xml:16 +msgid "modify a user account" +msgstr "modificar uma conta de utilizador" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_usermod.8.xml:21 +msgid "" +"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" +"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_usermod.8.xml:32 +msgid "" +"<command>sss_usermod</command> modifies the account specified by " +"<replaceable>LOGIN</replaceable> to reflect the changes that are specified " +"on the command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:60 +msgid "The home directory of the user account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:71 +msgid "The user's login shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:82 +msgid "" +"Append this user to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:96 +msgid "" +"Remove this user from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:103 +msgid "<option>-l</option>,<option>--lock</option>" +msgstr "<option>-l</option>,<option>--lock</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:107 +msgid "Lock the user account. The user won't be able to log in." +msgstr "" +"Bloquear a conta do utilizador. O utilizador não será capaz de efetuar login." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:114 +msgid "<option>-u</option>,<option>--unlock</option>" +msgstr "<option>-u</option>,<option>--unlock</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:118 +msgid "Unlock the user account." +msgstr "Desbloquear a conta de utilizador." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:129 +msgid "The SELinux user for the user's login." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:135 +msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:140 +msgid "Add an attribute/value pair. The format is attrname=value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:147 +msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:152 +msgid "" +"Set an attribute to a name/value pair. The format is attrname=value. For " +"multi-valued attributes, the command replaces the values already present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:160 +msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:165 +msgid "Delete an attribute/value pair. The format is attrname=value." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:42 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:46 +msgid "Invalidate all cached entries except for sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:52 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:57 +msgid "Invalidate specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:63 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:67 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:74 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:79 +msgid "Invalidate specific group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:85 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:89 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:96 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:101 +msgid "Invalidate specific netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:107 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:111 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:118 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:123 +msgid "Invalidate specific service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:129 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:133 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:140 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:145 +msgid "Invalidate specific autofs maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:151 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:155 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:162 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:167 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:173 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:177 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:185 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:190 +msgid "Restrict invalidation process only to a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> changes debug level of SSSD monitor and " +"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " +"running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_debuglevel.8.xml:59 +msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:46 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:53 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:59 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:63 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:77 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:91 +msgid "name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:92 +msgid "user's login name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:95 +msgid "uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:96 +msgid "user ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:99 +msgid "gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:100 +msgid "primary group ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:103 +msgid "gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:104 +msgid "user information, typically full name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:81 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:125 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:117 +msgid "" +"It is possible to add another attribute to this set by using <quote>" +"+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:129 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:139 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:144 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "VER TAMBÉM" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" +"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:58 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:51 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:70 +#, no-wrap +msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:63 +msgid "" +"If <quote>PubkeyAgent</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by using the following directive " +"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:85 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92 +msgid "EXIT STATUS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and estabilishes connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "DESCOBERTA DE SERVIÇOS" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "Configuração" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "O nome de domínio" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "O protocolo" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "Ver também" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 10,001 and going up to " +"2,000,100,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:127 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191 +msgid "Default: 200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:142 +msgid "ldap_idmap_range_max (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:145 +msgid "" +"Specifies the upper bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:149 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:159 +msgid "Default: 2000200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:164 +msgid "ldap_idmap_range_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:167 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:186 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:196 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:199 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:210 +msgid "ldap_idmap_default_domain (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:213 +msgid "Specify the name of the default domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:221 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:224 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:229 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monatomically with each additional domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:234 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:249 +#, fuzzy +#| msgid "ldap_page_size (integer)" +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "ldap_page_size (integer)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:252 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:256 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:273 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:275 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:284 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:285 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:286 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:287 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:288 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:289 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:291 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:295 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT " +"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain " +"names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "Exibe a mensagem de ajuda e sai." + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "<option>-h</option>,<option>--help</option>" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 +msgid "Currently supported debug levels:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill the SSSD, but one that indicates that at least one " +"major feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:85 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:89 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:94 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:98 +msgid "<emphasis>Default</emphasis>: 0" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/experimental.xml:1 +msgid "" +"<emphasis> This is an experimental feature, please use http://fedorahosted." +"org/sssd to report any issues. </emphasis>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " +"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "override_homedir (string)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "Número UID" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "nome de domínio" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "%f" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "nome totalmente qualificado do utilizador (utilizador@domínio)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:31 +msgid "%o" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:33 +msgid "The original home directory retrieved from the identity provider." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:38 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:40 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:52 +msgid "This option can also be set per-domain." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:57 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:61 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "" --- sssd-1.13.4.orig/src/man/po/pt_BR.po +++ sssd-1.13.4/src/man/po/pt_BR.po @@ -0,0 +1,11302 @@ +# Marco Aurélio Krause <ouesten@me.com>, 2015. #zanata +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 1.12.90\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2016-04-13 16:30+0200\n" +"PO-Revision-Date: 2015-10-27 08:16-0400\n" +"Last-Translator: Marco Aurélio Krause <ouesten@me.com>\n" +"Language-Team: Portuguese (Brazil)\n" +"Language: pt-BR\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Zanata 3.8.3\n" +"Plural-Forms: nplurals=2; plural=(n != 1)\n" + +#. type: Content of: <reference><title> +#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 +#: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 +#: sss_override.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5 +#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 +#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5 +#: sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 +msgid "SSSD Manual pages" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 +msgid "sss_groupmod" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11 +#: sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupmod.8.xml:16 +msgid "modify a group" +msgstr "Modificar um grupo" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupmod.8.xml:21 +msgid "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 +#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 +#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 +#: sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 +#: sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 +#: sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21 +#: sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31 +msgid "DESCRIPTION" +msgstr "DESCRIÇÃO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupmod.8.xml:32 +msgid "" +"<command>sss_groupmod</command> modifies the group to reflect the changes " +"that are specified on the command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 +#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 +#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 +#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "OPÇÕES" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 +msgid "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:48 +msgid "" +"Append this group to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 +msgid "" +"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:62 +msgid "" +"Remove this group from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:10 sssd.conf.5.xml:16 +msgid "sssd.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 +#: sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +msgid "5" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 +#: sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +msgid "File Formats and Conventions" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:17 +msgid "the configuration file for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:21 +msgid "FILE FORMAT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:29 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:24 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:36 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:41 +msgid "" +"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:47 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:53 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:59 +msgid "GENERAL OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:61 +msgid "Following options are usable in more than one configuration sections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:65 +msgid "Options usable in all sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:69 +msgid "debug_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:73 +msgid "debug_timestamps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:76 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:81 sssd.conf.5.xml:634 sssd.conf.5.xml:1139 +#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464 +#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272 +#: sssd-ad.5.xml:799 sssd-ad.5.xml:918 sssd-krb5.5.xml:499 +msgid "Default: true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:86 +msgid "debug_microseconds (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:89 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:94 sssd.conf.5.xml:1093 sssd.conf.5.xml:2231 +#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558 +#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139 +#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266 +#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 +msgid "Default: false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2189 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:103 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:107 +msgid "timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:110 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:115 sssd.conf.5.xml:1057 sssd-ldap.5.xml:1410 +#: include/ldap_id_mapping.xml:264 +msgid "Default: 10" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:125 +msgid "SPECIAL SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:128 +msgid "The [sssd] section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:137 sssd.conf.5.xml:2339 +msgid "Section parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:139 +msgid "config_file_version (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:142 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:148 +msgid "services" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:151 +msgid "" +"Comma separated list of services that are started when sssd itself starts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:155 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" +"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" +"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:165 sssd.conf.5.xml:419 +msgid "reconnection_retries (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:168 sssd.conf.5.xml:422 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:173 sssd.conf.5.xml:427 +msgid "Default: 3" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:178 +msgid "domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:181 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter described the list of domains in the order you want " +"them to be queried. A domain name should only consist of alphanumeric ASCII " +"characters, dashes, dots and underscores." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:193 sssd.conf.5.xml:2014 +msgid "re_expression (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:201 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN " +"SECTIONS for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:210 sssd.conf.5.xml:2065 +msgid "full_name_format (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:213 sssd.conf.5.xml:2068 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:224 sssd.conf.5.xml:2079 +msgid "%1$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:225 sssd.conf.5.xml:2080 +msgid "user name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:228 sssd.conf.5.xml:2083 +msgid "%2$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:231 sssd.conf.5.xml:2086 +msgid "domain name as specified in the SSSD config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:237 sssd.conf.5.xml:2092 +msgid "%3$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:240 sssd.conf.5.xml:2095 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:221 sssd.conf.5.xml:2076 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:250 +msgid "" +"Each domain can have an individual format string configured. see DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:256 +msgid "try_inotify (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:259 +msgid "" +"SSSD monitors the state of resolv.conf to identify when it needs to update " +"its internal DNS resolver. By default, we will attempt to use inotify for " +"this, and will fall back to polling resolv.conf every five seconds if " +"inotify cannot be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:267 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:273 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:277 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:284 +msgid "krb5_rcache_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:287 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:291 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:297 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:312 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:317 +msgid "default_domain_suffix (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:320 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:330 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498 +#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:609 +#: sssd-ad.5.xml:679 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550 +#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216 +msgid "Default: not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:344 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:347 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:356 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:364 +msgid "Default: not set (spaces will not be replaced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:369 +msgid "certificate_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:377 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:379 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:389 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "Default: not set, i.e. do not restrict certificate vertification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:130 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:404 +msgid "SERVICES SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:406 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:413 +msgid "General service configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:415 +msgid "These options can be used to configure any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:432 +msgid "fd_limit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:435 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:444 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:449 +msgid "client_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:452 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:459 sssd.conf.5.xml:475 sssd.conf.5.xml:507 +#: sssd.conf.5.xml:765 sssd.conf.5.xml:957 sssd.conf.5.xml:1347 +#: sssd-ldap.5.xml:1237 +msgid "Default: 60" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:464 sssd.conf.5.xml:1336 +msgid "force_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:467 sssd.conf.5.xml:1339 +msgid "" +"If a service is not responding to ping checks (see the <quote>timeout</" +"quote> option), it is first sent the SIGTERM signal that instructs it to " +"quit gracefully. If the service does not terminate after " +"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " +"by sending a SIGKILL signal." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:480 +msgid "offline_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:483 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. This " +"value is in seconds and calculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:490 +msgid "offline_timeout + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "" +"The random offset can increment up to 30 seconds. After each unsuccessful " +"attempt to go online, the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:498 +msgid "new_interval = old_interval*2 + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"Note that the maximum length of each interval is currently limited to one " +"hour. If the calculated length of new_interval is greater than an hour, it " +"will be forced to one hour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:512 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:515 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:521 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:524 +msgid "ldap_purge_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:527 sssd-ldap.5.xml:1054 +msgid "ldap_use_tokengroups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "ldap_user_principal" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:535 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:533 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:539 sssd.conf.5.xml:1001 sssd.conf.5.xml:1026 +#: sssd.conf.5.xml:1045 sssd.conf.5.xml:1330 sssd-ldap.5.xml:1793 +msgid "Default: none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:547 +msgid "NSS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:549 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "enum_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:557 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:561 +msgid "Default: 120" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:566 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:569 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:575 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:585 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:593 +msgid "Default: 50" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:598 +msgid "entry_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:601 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:607 sssd.conf.5.xml:1117 +msgid "Default: 15" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:612 +msgid "filter_users, filter_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:615 +msgid "" +"Exclude certain users from being fetched from the sss NSS database. This is " +"particularly useful for system accounts. This option can also be set per-" +"domain or include fully-qualified names to filter only users from the " +"particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:622 +msgid "Default: root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:627 +msgid "filter_users_in_groups (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:630 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:641 +msgid "fallback_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:644 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:649 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:655 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:653 sssd.conf.5.xml:1020 sssd.conf.5.xml:1039 +#: sssd-krb5.5.xml:533 include/override_homedir.xml:55 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:659 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:665 +msgid "override_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:668 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:674 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:680 +msgid "allowed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:683 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:686 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:690 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:695 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:703 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:710 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:713 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:717 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:722 +msgid "vetoed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:725 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:730 +msgid "shell_fallback (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:733 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "Default: /bin/sh" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +msgid "default_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:745 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:751 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:758 sssd.conf.5.xml:950 +msgid "get_domains_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:761 sssd.conf.5.xml:953 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:770 +msgid "memcache_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:773 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:777 sssd-ldap.5.xml:706 +msgid "Default: 300" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:780 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:788 sssd-ifp.5.xml:74 +msgid "user_attributes (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:791 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:804 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:816 +msgid "PAM configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:818 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:823 +msgid "offline_credentials_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:831 sssd.conf.5.xml:844 +msgid "Default: 0 (No limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:837 +msgid "offline_failed_login_attempts (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:840 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:850 +msgid "offline_failed_login_delay (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:853 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:864 sssd.conf.5.xml:917 +msgid "Default: 5" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:870 +msgid "pam_verbosity (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:873 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "Currently sssd supports the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:881 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:888 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:891 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:895 sssd.8.xml:63 +msgid "Default: 1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:900 +msgid "pam_id_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:903 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:923 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:926 sssd.conf.5.xml:1550 +msgid "Display a warning N days before the password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:929 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:935 sssd.conf.5.xml:1553 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:940 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 sssd.conf.5.xml:2291 sssd.8.xml:79 +msgid "Default: 0" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:962 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:965 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAM responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:971 +msgid "Default: all (All users are allowed to access the PAM responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:975 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:982 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:985 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:989 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:993 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:997 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1006 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1009 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbostiy is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1022 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1031 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1041 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1050 +msgid "p11_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1053 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1066 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1068 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1085 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1088 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1101 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1103 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1107 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1126 +msgid "SSH configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1128 +msgid "These options can be used to configure the SSH service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1132 +msgid "ssh_hash_known_hosts (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1135 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1144 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1147 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1151 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1156 +msgid "ca_db (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1159 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1164 +msgid "Default: /etc/pki/nssdb" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1172 +msgid "PAC responder configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1174 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. " +"If the PAC is decoded and evaluated some of the following operations are " +"done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1183 +msgid "" +"If the remote user does not exist in the cache, it is created. The uid is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"gid will have the same value as the uid. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1191 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1197 +msgid "These options can be used to configure the PAC responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1201 sssd-ifp.5.xml:50 +msgid "allowed_uids (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1204 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1210 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1214 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:1228 +msgid "DOMAIN SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1235 +msgid "min_id,max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1238 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1250 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1254 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1260 +msgid "enumerate (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1263 +msgid "" +"Determines if a domain can be enumerated. This parameter can have one of the " +"following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1267 +msgid "TRUE = Users and groups are enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1270 +msgid "FALSE = No enumerations for this domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1273 sssd.conf.5.xml:1505 sssd.conf.5.xml:1672 +msgid "Default: FALSE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1276 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1289 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1294 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1302 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1310 +msgid "subdomain_enumerate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1317 +msgid "all" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1318 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1321 +msgid "none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1322 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1313 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1353 +msgid "entry_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1356 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1360 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1373 +msgid "Default: 5400" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1379 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1382 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1386 sssd.conf.5.xml:1399 sssd.conf.5.xml:1412 +#: sssd.conf.5.xml:1425 sssd.conf.5.xml:1438 sssd.conf.5.xml:1452 +#: sssd.conf.5.xml:1466 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1392 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1395 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1405 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1408 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1418 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1421 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1431 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1444 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1447 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1458 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1472 +msgid "refresh_expired_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1475 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1480 +msgid "" +"The background refresh will process users, groups and netgroups in the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1484 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1488 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227 +msgid "Default: 0 (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1494 +msgid "cache_credentials (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1497 +msgid "Determines if user credentials are also cached in the local LDB cache" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1501 +msgid "User credentials are stored in a SHA512 hash, not in plaintext" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1511 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1514 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1521 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1526 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1532 +msgid "account_cache_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1535 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1542 +msgid "Default: 0 (unlimited)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1547 +msgid "pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1558 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1565 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1571 +msgid "id_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1574 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1578 +msgid "<quote>proxy</quote>: Support a legacy NSS provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1581 sssd.conf.5.xml:1718 +msgid "<quote>local</quote>: SSSD internal provider for local users" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1585 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1593 sssd.conf.5.xml:1698 sssd.conf.5.xml:1753 +#: sssd.conf.5.xml:1806 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"FreeIPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 sssd.conf.5.xml:1707 sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1815 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "use_fully_qualified_names (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1621 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1629 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1636 +msgid "Default: FALSE (TRUE if default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1642 +msgid "ignore_group_members (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "Do not return group members for group lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1648 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1666 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1677 +msgid "auth_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1680 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 sssd.conf.5.xml:1746 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1691 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1715 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1722 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1725 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1731 +msgid "access_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1734 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1740 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1743 +msgid "<quote>deny</quote> always deny access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1770 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1777 +msgid "Default: <quote>permit</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1782 +msgid "chpass_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1785 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1790 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1798 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1823 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1827 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1830 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1837 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1840 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1844 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1852 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1856 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1860 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1863 sssd.conf.5.xml:1941 sssd.conf.5.xml:1982 +#: sssd.conf.5.xml:2007 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1867 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1884 +msgid "selinux_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1887 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1893 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1901 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1904 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1910 +msgid "subdomains_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1913 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1919 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1928 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1937 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1948 +msgid "autofs_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1951 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1955 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1970 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1979 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1989 +msgid "hostid_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1992 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1996 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2004 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2017 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +"P<name>[^@\\\\]+)$))</quote> which allows three different styles for " +"user names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2031 +msgid "username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2034 +msgid "username@domain.name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "domain\\username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2045 +msgid "" +"Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +"which translates to \"the name is everything up to the <quote>@</quote> " +"sign, the domain everything after that\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2051 +msgid "" +"PLEASE NOTE: the support for non-unique named subpatterns is not available " +"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " +"version 7 or higher can support non-unique named subpatterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2058 +msgid "" +"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" +"P<name>) to label subpatterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2105 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2111 +msgid "lookup_family_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2114 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2118 +msgid "Supported values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2121 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2124 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2127 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2130 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2133 +msgid "Default: ipv4_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2139 +msgid "dns_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2142 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the DNS " +"resolver before assuming that it is unreachable. If this timeout is reached, " +"the domain will continue to operate in offline mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2148 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263 +#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248 +msgid "Default: 6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2154 +msgid "dns_discovery_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2157 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2161 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2167 +msgid "override_gid (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2170 +msgid "Override the primary GID value with the one specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2176 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2184 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2187 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2193 +msgid "False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2195 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2199 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2202 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2179 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2214 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2220 +msgid "proxy_fast_alias (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2223 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2237 +msgid "subdomain_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2248 +msgid "%F" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2249 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2240 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2254 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2258 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2263 +msgid "realmd_tags (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2266 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2272 +msgid "cached_auth_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2275 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2281 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2285 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1230 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2303 +msgid "proxy_pam_target (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2306 +msgid "The proxy target PAM proxies to." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2309 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2317 +msgid "proxy_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2320 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2299 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" id=" +"\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2332 +msgid "The local domain section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2334 +msgid "" +"This section contains settings for domain that stores users and groups in " +"SSSD native database, that is, a domain that uses " +"<replaceable>id_provider=local</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2341 +msgid "default_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2344 +msgid "The default shell for users created with SSSD userspace tools." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2348 +msgid "Default: <filename>/bin/bash</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2353 +msgid "base_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2356 +msgid "" +"The tools append the login name to <replaceable>base_directory</replaceable> " +"and use that as the home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2361 +msgid "Default: <filename>/home</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2366 +msgid "create_homedir (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2369 +msgid "" +"Indicate if a home directory should be created by default for new users. " +"Can be overridden on command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2373 sssd.conf.5.xml:2385 +msgid "Default: TRUE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2378 +msgid "remove_homedir (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2381 +msgid "" +"Indicate if a home directory should be removed by default for deleted " +"users. Can be overridden on command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2390 +msgid "homedir_umask (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2393 +msgid "" +"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " +"on a newly created home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2401 +msgid "Default: 077" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2406 +msgid "skel_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2409 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2419 +msgid "Default: <filename>/etc/skel</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2424 +msgid "mail_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2427 +msgid "" +"The mail spool directory. This is needed to manipulate the mailbox when its " +"corresponding user account is modified or deleted. If not specified, a " +"default value is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2434 +msgid "Default: <filename>/var/mail</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2439 +msgid "userdel_cmd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2442 +msgid "" +"The command that is run after a user is removed. The command us passed the " +"username of the user being removed as the first and only parameter. The " +"return code of the command is not taken into account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2448 +msgid "Default: None, no command is run" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2458 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131 +#: sssd-ipa.5.xml:717 sssd-ad.5.xml:955 sssd-krb5.5.xml:564 +#: sss_rpcidmapd.5.xml:98 +msgid "EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:2464 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2460 +msgid "" +"The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. If the LDAP server is used only as an identity " +"provider, an encrypted channel is not needed. Please refer to " +"<quote>ldap_access_filter</quote> config option for more information about " +"using LDAP as an access provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 +msgid "CONFIGURATION OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:60 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:63 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:73 +msgid "ldap[s]://<host>[:port]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:76 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:79 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:85 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:88 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:99 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:105 +msgid "ldap_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:108 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:112 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:116 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220 +#: sss_override.8.xml:135 sss_override.8.xml:232 +msgid "Examples:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:129 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:134 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:137 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:158 +msgid "ldap_schema (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:161 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "Four schema types are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:172 +msgid "rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:177 +msgid "rfc2307bis" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:182 +msgid "IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:187 +msgid "AD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:193 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:203 +msgid "Default: rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:209 +msgid "ldap_default_bind_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:212 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:219 +msgid "ldap_default_authtok_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:222 +msgid "The type of the authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:226 +msgid "The two mechanisms currently supported are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:229 +msgid "password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:232 +msgid "obfuscated_password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:235 +msgid "Default: password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:241 +msgid "ldap_default_authtok (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:244 +msgid "" +"The authentication token of the default bind DN. Only clear text passwords " +"are currently supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:251 +msgid "ldap_user_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:254 +msgid "The object class of a user entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "Default: posixAccount" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:263 +msgid "ldap_user_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:266 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:270 +msgid "Default: uid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:276 +msgid "ldap_user_uid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:279 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "Default: uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:289 +msgid "ldap_user_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:292 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:863 +msgid "Default: gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:302 +msgid "ldap_user_gecos (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:305 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:309 +msgid "Default: gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:315 +msgid "ldap_user_home_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:318 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "Default: homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:328 +msgid "ldap_user_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:331 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:335 +msgid "Default: loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:341 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:344 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:889 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:355 +msgid "ldap_user_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:358 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:363 sssd-ldap.5.xml:904 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:370 +msgid "ldap_user_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144 +msgid "Default: modifyTimestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:383 +msgid "ldap_user_shadow_last_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:396 +msgid "Default: shadowLastChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:402 +msgid "ldap_user_shadow_min (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:405 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: shadowMin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_user_shadow_max (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:432 +msgid "Default: shadowMax" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:438 +msgid "ldap_user_shadow_warning (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:441 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:451 +msgid "Default: shadowWarning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:457 +msgid "ldap_user_shadow_inactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:460 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:470 +msgid "Default: shadowInactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:476 +msgid "ldap_user_shadow_expire (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:479 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:489 +msgid "Default: shadowExpire" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:495 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:498 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "Default: krbLastPwdChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:510 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:513 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:519 +msgid "Default: krbPasswordExpiration" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:525 +msgid "ldap_user_ad_account_expires (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:528 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:533 +msgid "Default: accountExpires" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:539 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:542 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:547 +msgid "Default: userAccountControl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:553 +msgid "ldap_ns_account_lock (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:556 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:561 +msgid "Default: nsAccountLock" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:567 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:570 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:574 sssd-ldap.5.xml:588 +msgid "Default: loginDisabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:580 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:583 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:602 +msgid "Default: loginAllowedTimeMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:608 +msgid "ldap_user_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:611 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:615 +msgid "Default: krbPrincipalName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:621 +msgid "ldap_user_extra_attrs (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:624 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:629 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:639 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:649 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:652 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:656 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:659 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:669 +msgid "ldap_user_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:672 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:676 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:682 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:685 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:698 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:701 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:712 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:715 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:721 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:736 +msgid "ldap_user_fullname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:739 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590 +msgid "Default: cn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:749 +msgid "ldap_user_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:752 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:756 +msgid "Default: memberOf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:762 +msgid "ldap_user_authorized_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:765 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:772 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:777 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:784 +msgid "Default: authorizedService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:790 +msgid "ldap_user_authorized_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:793 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:799 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:811 +msgid "Default: host" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:817 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:820 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:824 +msgid "Default: no set in the general case, userCertificate;binary for IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:831 +msgid "ldap_group_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:834 +msgid "The object class of a group entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:837 +msgid "Default: posixGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:843 +msgid "ldap_group_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:846 +msgid "The LDAP attribute that corresponds to the group name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:856 +msgid "ldap_group_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:859 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:869 +msgid "ldap_group_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:872 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:876 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:882 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:885 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:896 +msgid "ldap_group_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:899 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_group_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:924 +msgid "ldap_group_type (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:927 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:938 +msgid "Default: groupType in the AD provider, othewise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:945 +msgid "ldap_group_external_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:948 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:961 +msgid "ldap_group_nesting_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:964 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:980 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:989 +msgid "Default: 2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:995 +msgid "ldap_groups_use_matching_rule_in_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:998 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which may speed up group lookup operations on deployments with " +"complex or deep nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1004 +msgid "" +"In most common cases, it is best to leave this option disabled. It generally " +"only provides a performance increase on very complex nestings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036 +msgid "" +"If this option is enabled, SSSD will use it if it detects that the server " +"supports it during initial connection. So \"True\" here essentially means " +"\"auto-detect\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042 +msgid "" +"Note: This feature is currently known to work only with Active Directory " +"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" +"windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " +"for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048 sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866 include/ldap_id_mapping.xml:244 +msgid "Default: False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1027 +msgid "ldap_initgroups_use_matching_rule_in_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1030 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which might speed up initgroups operations (most notably when " +"dealing with complex or deep nested groups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1057 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1062 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1068 +msgid "ldap_netgroup_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1071 +msgid "The object class of a netgroup entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1074 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1078 +msgid "Default: nisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1084 +msgid "ldap_netgroup_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1087 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1101 +msgid "ldap_netgroup_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1104 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1108 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "Default: memberNisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1118 +msgid "ldap_netgroup_triple (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1121 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1128 +msgid "Default: nisNetgroupTriple" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1134 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1150 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1153 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1156 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1162 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1165 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1175 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1178 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1182 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1188 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1191 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1201 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1206 +msgid "ldap_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1209 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1215 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1227 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1230 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1243 +msgid "ldap_network_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1246 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1269 +msgid "ldap_opt_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1287 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1290 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1304 +msgid "ldap_page_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1307 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1312 +msgid "Default: 1000" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1318 +msgid "ldap_disable_paging (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1321 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1327 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1333 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1345 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1348 +msgid "Disable Active Directory range retrieval." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1351 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1366 +msgid "ldap_sasl_minssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1369 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1375 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1382 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1391 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1395 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1403 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1416 +msgid "ldap_tls_reqcert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1419 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1425 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1429 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1436 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1442 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1448 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1452 +msgid "Default: hard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1458 +msgid "ldap_tls_cacert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1461 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1473 +msgid "ldap_tls_cacertdir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1476 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1491 +msgid "ldap_tls_cert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1504 +msgid "ldap_tls_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "Specifies the file that contains the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1516 +msgid "ldap_tls_cipher_suite (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1519 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1532 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1535 +msgid "" +"Specifies that the id_provider connection must also use <systemitem class=" +"\"protocol\">tls</systemitem> to protect the channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1545 +msgid "ldap_id_mapping (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1548 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1564 +msgid "ldap_min_id, ldap_max_id (interger)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1567 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1579 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1585 +msgid "ldap_sasl_mech (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1588 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI is tested and " +"supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1598 +msgid "ldap_sasl_authid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1601 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI is used, this " +"represents the Kerberos principal used for authentication to the directory. " +"This option can either contain the full principal (for example host/" +"myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1609 +msgid "Default: host/hostname@REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1615 +msgid "ldap_sasl_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1624 +msgid "Default: the value of krb5_realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1630 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1633 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1638 +msgid "Default: false;" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1644 +msgid "ldap_krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "Specify the keytab to use when using SASL/GSSAPI." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1671 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1674 +msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:849 +msgid "Default: 86400 (24 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1719 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462 +msgid "krb5_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1768 +msgid "ldap_pwd_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1781 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1787 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1796 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1804 +msgid "ldap_referrals (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1807 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1811 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1816 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1830 +msgid "ldap_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1833 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 +msgid "Default: ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1843 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1846 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1851 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1857 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1872 +msgid "ldap_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1875 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Example:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1898 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1902 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice-versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972 +msgid "Default: Empty" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_account_expire_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1924 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1928 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1935 +msgid "The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1943 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1950 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1956 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1965 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1978 +msgid "ldap_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1981 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1985 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1988 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1998 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2005 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2022 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2026 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2036 +msgid "" +"The difference between these options is the action taken if user password is " +"expired: pwd_expire_policy_reject - user is denied to log in, " +"pwd_expire_policy_warn - user is still able to log in, " +"pwd_expire_policy_renew - user is prompted to change his password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2044 +msgid "" +"Note If user password is expired no explicit message is prompted by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2048 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2053 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2058 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2062 +msgid "Default: filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2065 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2072 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2075 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2083 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2086 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2092 +msgid "ldap_deref (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2095 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2100 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2104 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2109 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2114 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2119 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2127 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2130 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2134 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2145 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136 +msgid "wildcart_limit (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2160 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2164 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2168 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:51 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2178 +msgid "SUDO OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2180 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2191 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2194 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2197 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2203 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2206 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2216 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2219 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2223 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2229 +msgid "ldap_sudorule_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2232 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2237 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2243 +msgid "ldap_sudorule_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2246 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2250 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2256 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2259 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2263 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2269 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2272 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2276 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2282 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2285 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2289 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2295 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2298 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2302 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2308 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2311 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2316 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2322 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2325 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2329 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2335 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2338 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2343 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2348 +msgid "Default: 21600 (6 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2354 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2357 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest USN " +"of cached rules)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2363 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2373 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2376 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2387 +msgid "ldap_sudo_hostnames (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2390 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2395 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441 +#: sssd-ldap.5.xml:2459 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428 +msgid "Default: not specified" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2411 +msgid "ldap_sudo_ip (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2414 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2419 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2434 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2437 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2452 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2455 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2471 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2481 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2483 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2489 +msgid "ldap_autofs_map_master_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2492 +msgid "The name of the automount master map in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2495 +msgid "Default: auto.master" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2502 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2505 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2508 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2515 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2518 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2521 +msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2529 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2532 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2537 +msgid "Default: automount" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2544 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2551 +msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2559 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2566 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2487 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2576 +msgid "ADVANCED OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2583 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2588 +msgid "ldap_user_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2593 +msgid "ldap_group_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:2598 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:2600 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no gid mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:2607 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2609 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2614 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2578 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2631 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2637 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:725 sssd-ad.5.xml:963 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 +#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2648 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2650 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2655 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-simple.5.xml:148 sssd-ad.5.xml:978 sssd.8.xml:195 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2672 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" + +#. type: Content of: <refentryinfo> +#: pam_sss.8.xml:8 include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - http://" +"fedorahosted.org/sssd</orgname>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:13 pam_sss.8.xml:18 +msgid "pam_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:19 +msgid "PAM module for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:24 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:54 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:64 +msgid "<option>quiet</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:67 +msgid "Suppress log messages for unknown users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:72 +msgid "<option>forward_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:75 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>use_first_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:93 +msgid "<option>use_authtok</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:96 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>retry=N</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:108 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:117 +msgid "<option>ignore_unknown_user</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:120 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:131 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:138 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:142 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:148 +msgid "" +"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> " +"and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:164 +msgid "MODULE TYPES PROVIDED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:165 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:171 +msgid "FILES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:172 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:177 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:187 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " +"libraries what Realm and which KDC to use. Typically this is done in " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> which is always read by the Kerberos libraries. " +"To simplify the configuration the Realm and the KDC can be defined in " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> as described in <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:48 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> puts the Realm and the name or IP address of the KDC into " +"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " +"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " +"libraries it reads and evaluates these variables and returns them to the " +"libraries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:69 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:78 +msgid "ipa_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:81 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:89 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:92 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:105 +msgid "ipa_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:108 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:116 sssd-ad.5.xml:780 +msgid "dyndns_update (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:119 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA v2 with the IP address of this client. The update is " +"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " +"for the updates, if it is not otherwise specified by using the " +"<quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:128 sssd-ad.5.xml:794 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:133 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:145 sssd-ad.5.xml:805 +msgid "dyndns_ttl (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:148 sssd-ad.5.xml:808 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:153 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Default: 1200 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:165 sssd-ad.5.xml:819 +msgid "dyndns_iface (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 sssd-ad.5.xml:822 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:175 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:185 sssd-ad.5.xml:833 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:191 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160 +msgid "Enables DNS sites - location based service discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example.com" +"\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:217 sssd-ad.5.xml:839 +msgid "dyndns_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:220 sssd-ad.5.xml:842 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:233 sssd-ad.5.xml:855 +msgid "dyndns_update_ptr (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:236 sssd-ad.5.xml:858 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:247 +msgid "Default: False (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:253 sssd-ad.5.xml:869 +msgid "dyndns_force_tcp (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:256 sssd-ad.5.xml:872 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:876 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 sssd-ad.5.xml:882 +msgid "dyndns_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 sssd-ad.5.xml:885 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 sssd-ad.5.xml:890 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:895 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 sssd-ad.5.xml:900 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:290 +msgid "ipa_hbac_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:293 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:297 +msgid "Default: Use base DN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 sssd-ipa.5.xml:329 sssd-ipa.5.xml:348 sssd-ipa.5.xml:367 +#: sssd-ipa.5.xml:386 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ipa.5.xml:315 sssd-ipa.5.xml:334 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:322 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:325 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:341 +msgid "ipa_subdomains_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:344 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:353 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:360 +msgid "ipa_master_domain_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:363 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:372 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:379 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:382 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:391 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:398 sssd-krb5.5.xml:254 +msgid "krb5_validate (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:401 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:408 sssd-ad.5.xml:921 +msgid "" +"Note that this default differs from the traditional Kerberos provider back " +"end." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:433 +msgid "" +"Specifies if the host and user principal should be canonicalized when " +"connecting to IPA LDAP and also for AS requests. This feature is available " +"with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 sssd-krb5.5.xml:416 +msgid "krb5_use_fast (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 sssd-krb5.5.xml:419 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:454 +msgid "<emphasis>never</emphasis> use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:457 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it. This is equivalent to not setting " +"this option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:463 sssd-krb5.5.xml:433 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:468 +msgid "Default: try" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 sssd-krb5.5.xml:444 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:480 sssd-ad.5.xml:928 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 sssd-ad.5.xml:931 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:487 sssd-ad.5.xml:935 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 sssd-ad.5.xml:939 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:498 +msgid "ipa_hbac_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:501 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355 +msgid "Default: 5 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:514 +msgid "ipa_hbac_selinux (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:517 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:530 +msgid "ipa_server_mode (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:533 +msgid "This option should only be set by the IPA installer." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:537 +msgid "" +"The option denotes that the SSSD is running on IPA server and should perform " +"lookups of users and groups from trusted domains differently." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:548 +msgid "ipa_automount_location (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:551 +msgid "The automounter location this IPA client will be using" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:554 +msgid "Default: The location named \"default\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:562 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:571 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:577 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:583 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:586 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:596 +msgid "ipa_overide_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:599 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:602 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:608 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:611 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:615 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:621 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:624 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:632 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:635 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:638 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:641 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:647 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:650 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:655 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:661 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:664 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:669 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:672 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:675 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:680 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:564 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:690 +msgid "SUBDOMAINS PROVIDER" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:692 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:696 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:702 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:719 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:726 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:41 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:45 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:51 +msgid "" +"The AD provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:63 +msgid "" +"However, it is neither necessary nor recommended to set these options. The " +"AD provider can also be used as an access, chpass, sudo and autofs provider. " +"No configuration of the access provider is required on the client side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:75 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " +"and groups using POSIX attributes from trusted domains, the AD administrator " +"must make sure that the POSIX attributes are replicated to the Global " +"Catalog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:82 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:97 +msgid "ad_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:100 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:105 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:110 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:117 +msgid "ad_server, ad_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:120 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:127 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:132 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:140 +msgid "ad_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:143 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the Active Directory domain to identify this " +"host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:149 +msgid "" +"This field is used to determine the host principal in use in the keytab. It " +"must match the hostname for which the keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:157 +msgid "ad_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:164 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:180 +msgid "ad_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:191 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:199 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:207 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:212 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:223 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:233 sssd-ad.5.xml:247 +msgid "Default: Not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:239 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:253 +msgid "ad_enable_gc (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:256 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:264 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:278 +msgid "ad_gpo_access_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:281 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to a particular host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:296 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:309 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:313 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:319 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:325 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "Default: permissive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:339 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:345 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:348 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:361 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:364 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:370 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:384 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:388 sssd-ad.5.xml:479 sssd-ad.5.xml:525 sssd-ad.5.xml:570 +#: sssd-ad.5.xml:636 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:392 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:397 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:402 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:407 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:412 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:417 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:422 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:427 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:432 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:437 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:442 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:451 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:460 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:475 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:466 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:483 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:488 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:497 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:500 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:506 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:521 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:512 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:529 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:534 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:543 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:546 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:552 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:566 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:557 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:574 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:583 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:586 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:605 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:597 sssd-ad.5.xml:667 +msgid "" +"It is possible to add a PAM service name to the default set by using <quote>" +"+service_name</quote>. Since the default set is empty, it is not possible " +"to remove a PAM service name from the default set. For example, in order to " +"add a custom pam service name (e.g. <quote>my_pam_service</quote>), you " +"would use the following configuration: <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:615 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:618 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:632 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:623 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:640 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:645 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:650 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:659 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:662 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:675 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:685 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:688 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:701 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:705 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:710 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:715 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:720 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:725 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:730 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:735 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:741 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:747 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:750 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:756 +msgid "Default: 30 days" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:762 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:765 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expect 2 integers seperated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the inital timeout in seconds before the task is run for the first " +"time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:783 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:813 +msgid "Default: 3600 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:829 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:863 sss_rpcidmapd.5.xml:76 +msgid "Default: True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:909 sssd-krb5.5.xml:505 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:912 sssd-krb5.5.xml:508 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:957 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:964 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:984 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:980 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:990 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:998 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:112 +msgid "" +"When the SSSD is configured to use IPA as the ID provider, the sudo provider " +"is automatically enabled. The sudo search base is configured to use the " +"compat tree (ou=sudoers,$DC)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:119 +msgid "The SUDO rule caching mechanism" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:121 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:129 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:135 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:143 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:159 +msgid "keyword ALL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:164 +msgid "wildcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:169 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:174 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:179 +msgid "one of the IP addresses of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:184 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:190 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>-f</option>,<option>--debug-to-files</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "" +"Send the debug output to files instead of stderr. By default, the log files " +"are stored in <filename>/var/log/sssd</filename> and there are separate log " +"files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:97 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:101 +msgid "Become a daemon after starting up." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:107 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:111 +msgid "Run in the foreground, don't become a daemon." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:117 sss_debuglevel.8.xml:42 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:121 sss_debuglevel.8.xml:46 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:147 +msgid "Signals" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "SIGTERM/SIGINT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:153 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:159 +msgid "SIGHUP" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:162 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:170 +msgid "SIGUSR1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:173 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:182 +msgid "SIGUSR2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:185 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:197 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:50 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:52 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:59 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:70 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:78 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:83 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:92 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:97 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:105 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:110 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:116 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:121 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:126 +msgid "original_name:name:uid:gid:gecos:home:shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:138 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:141 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:147 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:152 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:160 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:167 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:175 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:180 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:189 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:194 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:202 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:207 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:213 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:218 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:223 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:235 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:238 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:244 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:249 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:259 +#, fuzzy +#| msgid "OPTIONS" +msgid "COMMON OPTIONS" +msgstr "OPÇÕES" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:261 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:266 +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_useradd.8.xml:10 sss_useradd.8.xml:15 +msgid "sss_useradd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_useradd.8.xml:16 +msgid "create a new user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_useradd.8.xml:21 +msgid "" +"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_useradd.8.xml:32 +msgid "" +"<command>sss_useradd</command> creates a new user account using the values " +"specified on the command line plus the default values from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:43 sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:48 +msgid "" +"Set the UID of the user to the value of <replaceable>UID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:72 +msgid "" +"The home directory of the user account. The default is to append the " +"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " +"that as the home directory. The base that is prepended before " +"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" +"baseDirectory</quote> setting in sssd.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:87 +msgid "" +"The user's login shell. The default is currently <filename>/bin/bash</" +"filename>. The default can be changed with <quote>user_defaults/" +"defaultShell</quote> setting in sssd.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:96 +msgid "" +"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:101 +msgid "A list of existing groups this user is also a member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:107 +msgid "<option>-m</option>,<option>--create-home</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:111 +msgid "" +"Create the user's home directory if it does not exist. The files and " +"directories contained in the skeleton directory (which can be defined with " +"the -k option or in the config file) will be copied to the home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:121 +msgid "<option>-M</option>,<option>--no-create-home</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:125 +msgid "" +"Do not create the user's home directory. Overrides configuration settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:132 +msgid "" +"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:137 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<command>sss_useradd</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:143 +msgid "" +"Special files (block devices, character devices, named pipes and unix " +"sockets) will not be copied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:147 +msgid "" +"This option is only valid if the <option>-m</option> (or <option>--create-" +"home</option>) option is specified, or creation of home directories is set " +"to TRUE in the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:156 sss_usermod.8.xml:124 +msgid "" +"<option>-Z</option>,<option>--selinux-user</option> " +"<replaceable>SELINUX_USER</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:161 +msgid "" +"The SELinux user for the user's login. If not specified, the system default " +"will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>.k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 +msgid "%h" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108 +msgid "home directory" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:27 +msgid "%P" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:45 +msgid "%%" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:46 +msgid "a literal '%'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_auth_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:257 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:272 +msgid "krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:275 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:279 +msgid "Default: /etc/krb5.keytab" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:285 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:288 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:293 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:306 +msgid "krb5_renewable_lifetime (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:309 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:351 sssd-krb5.5.xml:388 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:320 sssd-krb5.5.xml:354 sssd-krb5.5.xml:391 +msgid "<emphasis>h</emphasis> for hours" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:323 sssd-krb5.5.xml:357 sssd-krb5.5.xml:394 +msgid "<emphasis>d</emphasis> for days." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:326 sssd-krb5.5.xml:397 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:330 sssd-krb5.5.xml:401 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:335 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:341 +msgid "krb5_lifetime (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:344 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:360 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:364 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:369 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:376 +msgid "krb5_renew_interval (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:379 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:406 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:424 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:428 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:438 +msgid "Default: not set, i.e. FAST is not used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "NOTE: a keytab is required to use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:453 +msgid "krb5_fast_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:456 +msgid "Specifies the server principal to use for FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:465 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:514 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:520 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:523 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:535 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:540 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:566 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:574 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 +msgid "sss_groupadd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupadd.8.xml:16 +msgid "create a new group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupadd.8.xml:21 +msgid "" +"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupadd.8.xml:32 +msgid "" +"<command>sss_groupadd</command> creates a new group. These groups are " +"compatible with POSIX groups, with the additional feature that they can " +"contain other groups as members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupadd.8.xml:43 sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupadd.8.xml:48 +msgid "" +"Set the GID of the group to the value of <replaceable>GID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_userdel.8.xml:10 sss_userdel.8.xml:15 +msgid "sss_userdel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_userdel.8.xml:16 +msgid "delete a user account" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_userdel.8.xml:21 +msgid "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_userdel.8.xml:32 +msgid "" +"<command>sss_userdel</command> deletes a user identified by login name " +"<replaceable>LOGIN</replaceable> from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:44 +msgid "<option>-r</option>,<option>--remove</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:48 +msgid "" +"Files in the user's home directory will be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:56 +msgid "<option>-R</option>,<option>--no-remove</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:60 +msgid "" +"Files in the user's home directory will NOT be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:68 +msgid "<option>-f</option>,<option>--force</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:72 +msgid "" +"This option forces <command>sss_userdel</command> to remove the user's home " +"directory and mail spool, even if they are not owned by the specified user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:80 +msgid "<option>-k</option>,<option>--kick</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:84 +msgid "Before actually deleting the user, terminate all his processes." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 +msgid "sss_groupdel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupdel.8.xml:16 +msgid "delete a group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupdel.8.xml:21 +msgid "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupdel.8.xml:32 +msgid "" +"<command>sss_groupdel</command> deletes a group identified by its name " +"<replaceable>GROUP</replaceable> from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 +msgid "sss_groupshow" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupshow.8.xml:16 +msgid "print properties of a group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupshow.8.xml:21 +msgid "" +"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupshow.8.xml:32 +msgid "" +"<command>sss_groupshow</command> displays information about a group " +"identified by its name <replaceable>GROUP</replaceable>. The information " +"includes the group ID number, members of the group and the parent group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupshow.8.xml:43 +msgid "<option>-R</option>,<option>--recursive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupshow.8.xml:47 +msgid "" +"Also print indirect group members in a tree-like hierarchy. Note that this " +"also affects printing parent groups - without <option>R</option>, only the " +"direct parent will be printed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_usermod.8.xml:10 sss_usermod.8.xml:15 +msgid "sss_usermod" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_usermod.8.xml:16 +msgid "modify a user account" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_usermod.8.xml:21 +msgid "" +"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_usermod.8.xml:32 +msgid "" +"<command>sss_usermod</command> modifies the account specified by " +"<replaceable>LOGIN</replaceable> to reflect the changes that are specified " +"on the command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:60 +msgid "The home directory of the user account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:71 +msgid "The user's login shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:82 +msgid "" +"Append this user to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:96 +msgid "" +"Remove this user from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:103 +msgid "<option>-l</option>,<option>--lock</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:107 +msgid "Lock the user account. The user won't be able to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:114 +msgid "<option>-u</option>,<option>--unlock</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:118 +msgid "Unlock the user account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:129 +msgid "The SELinux user for the user's login." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:135 +msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:140 +msgid "Add an attribute/value pair. The format is attrname=value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:147 +msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:152 +msgid "" +"Set an attribute to a name/value pair. The format is attrname=value. For " +"multi-valued attributes, the command replaces the values already present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:160 +msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:165 +msgid "Delete an attribute/value pair. The format is attrname=value." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:42 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:46 +msgid "Invalidate all cached entries except for sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:52 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:57 +msgid "Invalidate specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:63 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:67 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:74 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:79 +msgid "Invalidate specific group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:85 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:89 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:96 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:101 +msgid "Invalidate specific netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:107 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:111 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:118 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:123 +msgid "Invalidate specific service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:129 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:133 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:140 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:145 +msgid "Invalidate specific autofs maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:151 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:155 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:162 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:167 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:173 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:177 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:185 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:190 +msgid "Restrict invalidation process only to a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> changes debug level of SSSD monitor and " +"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " +"running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_debuglevel.8.xml:59 +msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:46 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:53 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:59 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:63 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:77 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:91 +msgid "name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:92 +msgid "user's login name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:95 +msgid "uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:96 +msgid "user ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:99 +msgid "gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:100 +msgid "primary group ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:103 +msgid "gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:104 +msgid "user information, typically full name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:81 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:125 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:117 +msgid "" +"It is possible to add another attribute to this set by using <quote>" +"+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:129 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:139 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:144 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" +"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:58 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:51 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:70 +#, no-wrap +msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:63 +msgid "" +"If <quote>PubkeyAgent</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by using the following directive " +"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:85 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92 +msgid "EXIT STATUS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and estabilishes connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 10,001 and going up to " +"2,000,100,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:127 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191 +msgid "Default: 200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:142 +msgid "ldap_idmap_range_max (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:145 +msgid "" +"Specifies the upper bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:149 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:159 +msgid "Default: 2000200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:164 +msgid "ldap_idmap_range_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:167 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:186 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:196 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:199 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:210 +msgid "ldap_idmap_default_domain (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:213 +msgid "Specify the name of the default domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:221 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:224 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:229 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monatomically with each additional domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:234 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:249 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:252 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:256 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:273 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:275 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:284 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:285 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:286 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:287 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:288 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:289 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:291 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:295 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT " +"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain " +"names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 +msgid "Currently supported debug levels:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill the SSSD, but one that indicates that at least one " +"major feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:85 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:89 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:94 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:98 +msgid "<emphasis>Default</emphasis>: 0" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/experimental.xml:1 +msgid "" +"<emphasis> This is an experimental feature, please use http://fedorahosted." +"org/sssd to report any issues. </emphasis>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " +"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:31 +msgid "%o" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:33 +msgid "The original home directory retrieved from the identity provider." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:38 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:40 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:52 +msgid "This option can also be set per-domain." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:57 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:61 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "" --- sssd-1.13.4.orig/src/man/po/ru.po +++ sssd-1.13.4/src/man/po/ru.po @@ -0,0 +1,11315 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# Artyom Kunyov <artkun@guitarplayer.ru>, 2012 +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 1.12.90\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2016-04-13 16:30+0200\n" +"PO-Revision-Date: 2014-06-04 02:04-0400\n" +"Last-Translator: jhrozek <jhrozek@redhat.com>\n" +"Language-Team: Russian (http://www.transifex.com/projects/p/sssd/language/" +"ru/)\n" +"Language: ru\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" +"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" +"X-Generator: Zanata 3.8.3\n" + +#. type: Content of: <reference><title> +#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 +#: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 +#: sss_override.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5 +#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 +#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5 +#: sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 +msgid "SSSD Manual pages" +msgstr "Справка по SSSD" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 +msgid "sss_groupmod" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11 +#: sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +msgid "8" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupmod.8.xml:16 +msgid "modify a group" +msgstr "изменить группу" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupmod.8.xml:21 +msgid "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 +#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 +#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 +#: sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 +#: sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 +#: sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21 +#: sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31 +msgid "DESCRIPTION" +msgstr "ОПИСАНИЕ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupmod.8.xml:32 +msgid "" +"<command>sss_groupmod</command> modifies the group to reflect the changes " +"that are specified on the command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 +#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 +#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 +#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "ОПЦИИ" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 +msgid "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:48 +msgid "" +"Append this group to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 +msgid "" +"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:62 +msgid "" +"Remove this group from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:10 sssd.conf.5.xml:16 +msgid "sssd.conf" +msgstr "sssd.CONF" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 +#: sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 +#: sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +msgid "File Formats and Conventions" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:17 +msgid "the configuration file for SSSD" +msgstr "Файл конфигурации SSSD" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:21 +msgid "FILE FORMAT" +msgstr "ФОРМАТ ФАЙЛА" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:29 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:24 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:36 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:41 +msgid "" +"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:47 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:53 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:59 +msgid "GENERAL OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:61 +msgid "Following options are usable in more than one configuration sections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:65 +msgid "Options usable in all sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:69 +msgid "debug_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:73 +msgid "debug_timestamps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:76 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:81 sssd.conf.5.xml:634 sssd.conf.5.xml:1139 +#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464 +#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272 +#: sssd-ad.5.xml:799 sssd-ad.5.xml:918 sssd-krb5.5.xml:499 +msgid "Default: true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:86 +msgid "debug_microseconds (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:89 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:94 sssd.conf.5.xml:1093 sssd.conf.5.xml:2231 +#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558 +#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139 +#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266 +#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 +msgid "Default: false" +msgstr "По умолчанию: false" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2189 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:103 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:107 +msgid "timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:110 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:115 sssd.conf.5.xml:1057 sssd-ldap.5.xml:1410 +#: include/ldap_id_mapping.xml:264 +msgid "Default: 10" +msgstr "По умолчанию: 10" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:125 +msgid "SPECIAL SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:128 +msgid "The [sssd] section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:137 sssd.conf.5.xml:2339 +msgid "Section parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:139 +msgid "config_file_version (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:142 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:148 +msgid "services" +msgstr "службы" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:151 +msgid "" +"Comma separated list of services that are started when sssd itself starts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:155 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" +"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" +"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:165 sssd.conf.5.xml:419 +msgid "reconnection_retries (integer)" +msgstr "попыток_соединения (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:168 sssd.conf.5.xml:422 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:173 sssd.conf.5.xml:427 +msgid "Default: 3" +msgstr "По умолчанию: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:178 +msgid "domains" +msgstr "домены" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:181 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter described the list of domains in the order you want " +"them to be queried. A domain name should only consist of alphanumeric ASCII " +"characters, dashes, dots and underscores." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:193 sssd.conf.5.xml:2014 +msgid "re_expression (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:201 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN " +"SECTIONS for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:210 sssd.conf.5.xml:2065 +msgid "full_name_format (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:213 sssd.conf.5.xml:2068 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:224 sssd.conf.5.xml:2079 +msgid "%1$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:225 sssd.conf.5.xml:2080 +msgid "user name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:228 sssd.conf.5.xml:2083 +msgid "%2$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:231 sssd.conf.5.xml:2086 +msgid "domain name as specified in the SSSD config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:237 sssd.conf.5.xml:2092 +msgid "%3$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:240 sssd.conf.5.xml:2095 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:221 sssd.conf.5.xml:2076 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:250 +msgid "" +"Each domain can have an individual format string configured. see DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:256 +msgid "try_inotify (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:259 +msgid "" +"SSSD monitors the state of resolv.conf to identify when it needs to update " +"its internal DNS resolver. By default, we will attempt to use inotify for " +"this, and will fall back to polling resolv.conf every five seconds if " +"inotify cannot be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:267 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:273 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:277 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:284 +msgid "krb5_rcache_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:287 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:291 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:297 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:312 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:317 +msgid "default_domain_suffix (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:320 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:330 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498 +#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:609 +#: sssd-ad.5.xml:679 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550 +#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216 +msgid "Default: not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:344 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:347 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:356 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:364 +msgid "Default: not set (spaces will not be replaced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:369 +msgid "certificate_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:377 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:379 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:389 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "Default: not set, i.e. do not restrict certificate vertification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:130 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:404 +msgid "SERVICES SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:406 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:413 +msgid "General service configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:415 +msgid "These options can be used to configure any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:432 +msgid "fd_limit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:435 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:444 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:449 +msgid "client_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:452 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:459 sssd.conf.5.xml:475 sssd.conf.5.xml:507 +#: sssd.conf.5.xml:765 sssd.conf.5.xml:957 sssd.conf.5.xml:1347 +#: sssd-ldap.5.xml:1237 +msgid "Default: 60" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:464 sssd.conf.5.xml:1336 +msgid "force_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:467 sssd.conf.5.xml:1339 +msgid "" +"If a service is not responding to ping checks (see the <quote>timeout</" +"quote> option), it is first sent the SIGTERM signal that instructs it to " +"quit gracefully. If the service does not terminate after " +"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " +"by sending a SIGKILL signal." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:480 +msgid "offline_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:483 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. This " +"value is in seconds and calculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:490 +msgid "offline_timeout + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "" +"The random offset can increment up to 30 seconds. After each unsuccessful " +"attempt to go online, the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:498 +msgid "new_interval = old_interval*2 + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"Note that the maximum length of each interval is currently limited to one " +"hour. If the calculated length of new_interval is greater than an hour, it " +"will be forced to one hour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:512 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:515 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:521 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:524 +msgid "ldap_purge_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:527 sssd-ldap.5.xml:1054 +msgid "ldap_use_tokengroups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "ldap_user_principal" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:535 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:533 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:539 sssd.conf.5.xml:1001 sssd.conf.5.xml:1026 +#: sssd.conf.5.xml:1045 sssd.conf.5.xml:1330 sssd-ldap.5.xml:1793 +msgid "Default: none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:547 +msgid "NSS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:549 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "enum_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:557 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:561 +msgid "Default: 120" +msgstr "По умолчанию: 120" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:566 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:569 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:575 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:585 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:593 +msgid "Default: 50" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:598 +msgid "entry_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:601 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:607 sssd.conf.5.xml:1117 +msgid "Default: 15" +msgstr "По умолчанию: 15" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:612 +msgid "filter_users, filter_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:615 +msgid "" +"Exclude certain users from being fetched from the sss NSS database. This is " +"particularly useful for system accounts. This option can also be set per-" +"domain or include fully-qualified names to filter only users from the " +"particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:622 +msgid "Default: root" +msgstr "По умолчанию: root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:627 +msgid "filter_users_in_groups (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:630 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:641 +msgid "fallback_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:644 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:649 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:655 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:653 sssd.conf.5.xml:1020 sssd.conf.5.xml:1039 +#: sssd-krb5.5.xml:533 include/override_homedir.xml:55 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:659 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:665 +msgid "override_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:668 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:674 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:680 +msgid "allowed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:683 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:686 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:690 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:695 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:703 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:710 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:713 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:717 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:722 +msgid "vetoed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:725 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:730 +msgid "shell_fallback (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:733 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "Default: /bin/sh" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +msgid "default_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:745 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:751 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:758 sssd.conf.5.xml:950 +msgid "get_domains_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:761 sssd.conf.5.xml:953 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:770 +msgid "memcache_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:773 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:777 sssd-ldap.5.xml:706 +msgid "Default: 300" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:780 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:788 sssd-ifp.5.xml:74 +msgid "user_attributes (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:791 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:804 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:816 +msgid "PAM configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:818 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:823 +msgid "offline_credentials_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:831 sssd.conf.5.xml:844 +msgid "Default: 0 (No limit)" +msgstr "По умолчанию: 0 (неограничено)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:837 +msgid "offline_failed_login_attempts (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:840 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:850 +msgid "offline_failed_login_delay (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:853 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:864 sssd.conf.5.xml:917 +msgid "Default: 5" +msgstr "По умолчанию: 5" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:870 +msgid "pam_verbosity (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:873 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "Currently sssd supports the following values:" +msgstr "В настоящее время sssd поддерживает следующие значения:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:881 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:888 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:891 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:895 sssd.8.xml:63 +msgid "Default: 1" +msgstr "По умолчанию: 1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:900 +msgid "pam_id_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:903 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:923 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:926 sssd.conf.5.xml:1550 +msgid "Display a warning N days before the password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:929 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:935 sssd.conf.5.xml:1553 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:940 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 sssd.conf.5.xml:2291 sssd.8.xml:79 +msgid "Default: 0" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:962 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:965 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAM responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:971 +msgid "Default: all (All users are allowed to access the PAM responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:975 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:982 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:985 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:989 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:993 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:997 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1006 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1009 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbostiy is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1022 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1031 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1041 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1050 +msgid "p11_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1053 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1066 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1068 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1085 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1088 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1101 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1103 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1107 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1126 +msgid "SSH configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1128 +msgid "These options can be used to configure the SSH service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1132 +msgid "ssh_hash_known_hosts (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1135 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1144 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1147 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1151 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1156 +msgid "ca_db (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1159 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1164 +#, fuzzy +#| msgid "Default: gecos" +msgid "Default: /etc/pki/nssdb" +msgstr "По умолчанию: gecos" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1172 +msgid "PAC responder configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1174 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. " +"If the PAC is decoded and evaluated some of the following operations are " +"done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1183 +msgid "" +"If the remote user does not exist in the cache, it is created. The uid is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"gid will have the same value as the uid. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1191 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1197 +msgid "These options can be used to configure the PAC responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1201 sssd-ifp.5.xml:50 +msgid "allowed_uids (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1204 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1210 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1214 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:1228 +msgid "DOMAIN SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1235 +msgid "min_id,max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1238 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1250 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1254 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1260 +msgid "enumerate (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1263 +msgid "" +"Determines if a domain can be enumerated. This parameter can have one of the " +"following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1267 +msgid "TRUE = Users and groups are enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1270 +msgid "FALSE = No enumerations for this domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1273 sssd.conf.5.xml:1505 sssd.conf.5.xml:1672 +msgid "Default: FALSE" +msgstr "По умолчанию: FALSE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1276 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1289 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1294 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1302 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1310 +msgid "subdomain_enumerate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1317 +msgid "all" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1318 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1321 +msgid "none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1322 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1313 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1353 +msgid "entry_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1356 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1360 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1373 +msgid "Default: 5400" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1379 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1382 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1386 sssd.conf.5.xml:1399 sssd.conf.5.xml:1412 +#: sssd.conf.5.xml:1425 sssd.conf.5.xml:1438 sssd.conf.5.xml:1452 +#: sssd.conf.5.xml:1466 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1392 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1395 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1405 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1408 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1418 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1421 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1431 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1444 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1447 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1458 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1472 +msgid "refresh_expired_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1475 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1480 +msgid "" +"The background refresh will process users, groups and netgroups in the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1484 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1488 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227 +msgid "Default: 0 (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1494 +msgid "cache_credentials (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1497 +msgid "Determines if user credentials are also cached in the local LDB cache" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1501 +msgid "User credentials are stored in a SHA512 hash, not in plaintext" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1511 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1514 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1521 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1526 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1532 +msgid "account_cache_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1535 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1542 +msgid "Default: 0 (unlimited)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1547 +msgid "pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1558 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1565 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1571 +msgid "id_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1574 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1578 +msgid "<quote>proxy</quote>: Support a legacy NSS provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1581 sssd.conf.5.xml:1718 +msgid "<quote>local</quote>: SSSD internal provider for local users" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1585 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1593 sssd.conf.5.xml:1698 sssd.conf.5.xml:1753 +#: sssd.conf.5.xml:1806 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"FreeIPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 sssd.conf.5.xml:1707 sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1815 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "use_fully_qualified_names (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1621 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1629 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1636 +msgid "Default: FALSE (TRUE if default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1642 +msgid "ignore_group_members (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "Do not return group members for group lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1648 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1666 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1677 +msgid "auth_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1680 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 sssd.conf.5.xml:1746 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1691 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1715 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1722 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1725 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1731 +msgid "access_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1734 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1740 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1743 +msgid "<quote>deny</quote> always deny access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1770 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1777 +msgid "Default: <quote>permit</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1782 +msgid "chpass_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1785 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1790 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1798 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1823 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1827 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1830 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1837 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1840 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1844 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1852 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1856 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1860 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1863 sssd.conf.5.xml:1941 sssd.conf.5.xml:1982 +#: sssd.conf.5.xml:2007 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1867 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1884 +msgid "selinux_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1887 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1893 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1901 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1904 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1910 +msgid "subdomains_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1913 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1919 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1928 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1937 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1948 +msgid "autofs_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1951 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1955 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1970 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1979 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1989 +msgid "hostid_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1992 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1996 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2004 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2017 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +"P<name>[^@\\\\]+)$))</quote> which allows three different styles for " +"user names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2031 +msgid "username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2034 +msgid "username@domain.name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "domain\\username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2045 +msgid "" +"Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +"which translates to \"the name is everything up to the <quote>@</quote> " +"sign, the domain everything after that\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2051 +msgid "" +"PLEASE NOTE: the support for non-unique named subpatterns is not available " +"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " +"version 7 or higher can support non-unique named subpatterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2058 +msgid "" +"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" +"P<name>) to label subpatterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2105 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "По умолчанию: <quote>%1$s@%2$s</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2111 +msgid "lookup_family_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2114 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2118 +msgid "Supported values:" +msgstr "Поддерживаемые значения:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2121 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2124 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2127 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2130 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2133 +msgid "Default: ipv4_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2139 +msgid "dns_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2142 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the DNS " +"resolver before assuming that it is unreachable. If this timeout is reached, " +"the domain will continue to operate in offline mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2148 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263 +#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248 +msgid "Default: 6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2154 +msgid "dns_discovery_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2157 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2161 +msgid "Default: Use the domain part of machine's hostname" +msgstr "По умолчанию: использовать доменное имя из hostname" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2167 +msgid "override_gid (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2170 +msgid "Override the primary GID value with the one specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2176 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2184 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2187 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2193 +msgid "False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2195 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2199 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2202 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2179 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2214 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2220 +msgid "proxy_fast_alias (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2223 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2237 +msgid "subdomain_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2248 +msgid "%F" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2249 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2240 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2254 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2258 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2263 +msgid "realmd_tags (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2266 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2272 +msgid "cached_auth_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2275 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2281 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2285 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1230 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2303 +msgid "proxy_pam_target (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2306 +msgid "The proxy target PAM proxies to." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2309 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2317 +msgid "proxy_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2320 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2299 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" id=" +"\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2332 +msgid "The local domain section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2334 +msgid "" +"This section contains settings for domain that stores users and groups in " +"SSSD native database, that is, a domain that uses " +"<replaceable>id_provider=local</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2341 +msgid "default_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2344 +msgid "The default shell for users created with SSSD userspace tools." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2348 +msgid "Default: <filename>/bin/bash</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2353 +msgid "base_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2356 +msgid "" +"The tools append the login name to <replaceable>base_directory</replaceable> " +"and use that as the home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2361 +msgid "Default: <filename>/home</filename>" +msgstr "По умолчанию: <filename>/home</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2366 +msgid "create_homedir (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2369 +msgid "" +"Indicate if a home directory should be created by default for new users. " +"Can be overridden on command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2373 sssd.conf.5.xml:2385 +msgid "Default: TRUE" +msgstr "По умолчанию: TRUE" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2378 +msgid "remove_homedir (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2381 +msgid "" +"Indicate if a home directory should be removed by default for deleted " +"users. Can be overridden on command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2390 +msgid "homedir_umask (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2393 +msgid "" +"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " +"on a newly created home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2401 +msgid "Default: 077" +msgstr "По умолчанию: 077" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2406 +msgid "skel_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2409 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2419 +msgid "Default: <filename>/etc/skel</filename>" +msgstr "По умолчанию: <filename>/etc/skel</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2424 +msgid "mail_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2427 +msgid "" +"The mail spool directory. This is needed to manipulate the mailbox when its " +"corresponding user account is modified or deleted. If not specified, a " +"default value is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2434 +msgid "Default: <filename>/var/mail</filename>" +msgstr "По умолчанию: <filename>/var/mail</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2439 +msgid "userdel_cmd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2442 +msgid "" +"The command that is run after a user is removed. The command us passed the " +"username of the user being removed as the first and only parameter. The " +"return code of the command is not taken into account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2448 +msgid "Default: None, no command is run" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2458 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131 +#: sssd-ipa.5.xml:717 sssd-ad.5.xml:955 sssd-krb5.5.xml:564 +#: sss_rpcidmapd.5.xml:98 +msgid "EXAMPLE" +msgstr "ПРИМЕР" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:2464 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2460 +msgid "" +"The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. If the LDAP server is used only as an identity " +"provider, an encrypted channel is not needed. Please refer to " +"<quote>ldap_access_filter</quote> config option for more information about " +"using LDAP as an access provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 +msgid "CONFIGURATION OPTIONS" +msgstr "ПАРАМЕТРЫ КОНФИГУРАЦИИ" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:60 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:63 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:73 +msgid "ldap[s]://<host>[:port]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:76 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:79 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:85 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:88 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:99 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:105 +msgid "ldap_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:108 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:112 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:116 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220 +#: sss_override.8.xml:135 sss_override.8.xml:232 +msgid "Examples:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:129 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:134 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:137 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:158 +msgid "ldap_schema (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:161 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "Four schema types are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:172 +msgid "rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:177 +msgid "rfc2307bis" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:182 +msgid "IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:187 +msgid "AD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:193 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:203 +msgid "Default: rfc2307" +msgstr "По умолчанию: rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:209 +msgid "ldap_default_bind_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:212 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:219 +msgid "ldap_default_authtok_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:222 +msgid "The type of the authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:226 +msgid "The two mechanisms currently supported are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:229 +msgid "password" +msgstr "пароль" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:232 +msgid "obfuscated_password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:235 +msgid "Default: password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:241 +msgid "ldap_default_authtok (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:244 +msgid "" +"The authentication token of the default bind DN. Only clear text passwords " +"are currently supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:251 +msgid "ldap_user_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:254 +msgid "The object class of a user entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "Default: posixAccount" +msgstr "По умолчанию: posixAccount" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:263 +msgid "ldap_user_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:266 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:270 +msgid "Default: uid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:276 +msgid "ldap_user_uid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:279 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "Default: uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:289 +msgid "ldap_user_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:292 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:863 +msgid "Default: gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:302 +msgid "ldap_user_gecos (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:305 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:309 +msgid "Default: gecos" +msgstr "По умолчанию: gecos" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:315 +msgid "ldap_user_home_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:318 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "Default: homeDirectory" +msgstr "По умолчанию: homeDirectory" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:328 +msgid "ldap_user_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:331 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:335 +msgid "Default: loginShell" +msgstr "По умолчанию: loginShell" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:341 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:344 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:889 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:355 +msgid "ldap_user_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:358 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:363 sssd-ldap.5.xml:904 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:370 +msgid "ldap_user_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144 +msgid "Default: modifyTimestamp" +msgstr "По умолчанию: modifyTimestamp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:383 +msgid "ldap_user_shadow_last_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:396 +msgid "Default: shadowLastChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:402 +msgid "ldap_user_shadow_min (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:405 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: shadowMin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_user_shadow_max (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:432 +msgid "Default: shadowMax" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:438 +msgid "ldap_user_shadow_warning (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:441 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:451 +msgid "Default: shadowWarning" +msgstr "По умолчанию: shadowWarning" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:457 +msgid "ldap_user_shadow_inactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:460 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:470 +msgid "Default: shadowInactive" +msgstr "По умолчанию: shadowInactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:476 +msgid "ldap_user_shadow_expire (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:479 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:489 +msgid "Default: shadowExpire" +msgstr "По умолчанию: shadowExpire" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:495 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:498 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "Default: krbLastPwdChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:510 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:513 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:519 +msgid "Default: krbPasswordExpiration" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:525 +msgid "ldap_user_ad_account_expires (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:528 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:533 +msgid "Default: accountExpires" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:539 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:542 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:547 +msgid "Default: userAccountControl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:553 +msgid "ldap_ns_account_lock (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:556 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:561 +msgid "Default: nsAccountLock" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:567 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:570 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:574 sssd-ldap.5.xml:588 +msgid "Default: loginDisabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:580 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:583 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:602 +msgid "Default: loginAllowedTimeMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:608 +msgid "ldap_user_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:611 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:615 +msgid "Default: krbPrincipalName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:621 +msgid "ldap_user_extra_attrs (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:624 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:629 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:639 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:649 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:652 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:656 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:659 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:669 +msgid "ldap_user_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:672 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:676 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:682 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:685 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:698 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:701 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:712 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:715 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:721 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:736 +msgid "ldap_user_fullname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:739 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590 +msgid "Default: cn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:749 +msgid "ldap_user_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:752 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:756 +msgid "Default: memberOf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:762 +msgid "ldap_user_authorized_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:765 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:772 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:777 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:784 +msgid "Default: authorizedService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:790 +msgid "ldap_user_authorized_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:793 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:799 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:811 +msgid "Default: host" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:817 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:820 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:824 +msgid "Default: no set in the general case, userCertificate;binary for IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:831 +msgid "ldap_group_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:834 +msgid "The object class of a group entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:837 +msgid "Default: posixGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:843 +msgid "ldap_group_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:846 +msgid "The LDAP attribute that corresponds to the group name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:856 +msgid "ldap_group_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:859 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:869 +msgid "ldap_group_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:872 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:876 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:882 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:885 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:896 +msgid "ldap_group_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:899 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_group_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:924 +msgid "ldap_group_type (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:927 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:938 +msgid "Default: groupType in the AD provider, othewise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:945 +msgid "ldap_group_external_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:948 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:961 +msgid "ldap_group_nesting_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:964 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:980 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:989 +msgid "Default: 2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:995 +msgid "ldap_groups_use_matching_rule_in_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:998 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which may speed up group lookup operations on deployments with " +"complex or deep nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1004 +msgid "" +"In most common cases, it is best to leave this option disabled. It generally " +"only provides a performance increase on very complex nestings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036 +msgid "" +"If this option is enabled, SSSD will use it if it detects that the server " +"supports it during initial connection. So \"True\" here essentially means " +"\"auto-detect\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042 +msgid "" +"Note: This feature is currently known to work only with Active Directory " +"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" +"windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " +"for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048 sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866 include/ldap_id_mapping.xml:244 +msgid "Default: False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1027 +msgid "ldap_initgroups_use_matching_rule_in_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1030 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which might speed up initgroups operations (most notably when " +"dealing with complex or deep nested groups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1057 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1062 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1068 +msgid "ldap_netgroup_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1071 +msgid "The object class of a netgroup entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1074 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1078 +msgid "Default: nisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1084 +msgid "ldap_netgroup_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1087 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1101 +msgid "ldap_netgroup_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1104 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1108 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "Default: memberNisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1118 +msgid "ldap_netgroup_triple (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1121 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1128 +msgid "Default: nisNetgroupTriple" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1134 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1150 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1153 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1156 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1162 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1165 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1175 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1178 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1182 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1188 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1191 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1201 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1206 +msgid "ldap_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1209 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1215 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1227 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1230 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1243 +msgid "ldap_network_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1246 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1269 +msgid "ldap_opt_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1287 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1290 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1304 +msgid "ldap_page_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1307 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1312 +msgid "Default: 1000" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1318 +msgid "ldap_disable_paging (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1321 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1327 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1333 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1345 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1348 +msgid "Disable Active Directory range retrieval." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1351 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1366 +msgid "ldap_sasl_minssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1369 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1375 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1382 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1391 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1395 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1403 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1416 +msgid "ldap_tls_reqcert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1419 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1425 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1429 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1436 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1442 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1448 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1452 +msgid "Default: hard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1458 +msgid "ldap_tls_cacert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1461 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1473 +msgid "ldap_tls_cacertdir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1476 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1491 +msgid "ldap_tls_cert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1504 +msgid "ldap_tls_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "Specifies the file that contains the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1516 +msgid "ldap_tls_cipher_suite (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1519 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1532 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1535 +msgid "" +"Specifies that the id_provider connection must also use <systemitem class=" +"\"protocol\">tls</systemitem> to protect the channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1545 +msgid "ldap_id_mapping (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1548 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1564 +msgid "ldap_min_id, ldap_max_id (interger)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1567 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1579 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1585 +msgid "ldap_sasl_mech (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1588 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI is tested and " +"supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1598 +msgid "ldap_sasl_authid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1601 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI is used, this " +"represents the Kerberos principal used for authentication to the directory. " +"This option can either contain the full principal (for example host/" +"myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1609 +msgid "Default: host/hostname@REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1615 +msgid "ldap_sasl_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1624 +msgid "Default: the value of krb5_realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1630 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1633 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1638 +msgid "Default: false;" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1644 +msgid "ldap_krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "Specify the keytab to use when using SASL/GSSAPI." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1671 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1674 +msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:849 +msgid "Default: 86400 (24 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1719 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462 +msgid "krb5_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1768 +msgid "ldap_pwd_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1781 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1787 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1796 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1804 +msgid "ldap_referrals (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1807 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1811 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1816 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1830 +msgid "ldap_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1833 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 +msgid "Default: ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1843 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1846 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1851 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1857 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1872 +msgid "ldap_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1875 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Example:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1898 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1902 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice-versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972 +msgid "Default: Empty" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_account_expire_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1924 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1928 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1935 +msgid "The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1943 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1950 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1956 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1965 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1978 +msgid "ldap_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1981 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1985 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1988 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1998 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2005 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2022 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2026 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2036 +msgid "" +"The difference between these options is the action taken if user password is " +"expired: pwd_expire_policy_reject - user is denied to log in, " +"pwd_expire_policy_warn - user is still able to log in, " +"pwd_expire_policy_renew - user is prompted to change his password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2044 +msgid "" +"Note If user password is expired no explicit message is prompted by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2048 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2053 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2058 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2062 +msgid "Default: filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2065 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2072 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2075 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2083 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2086 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2092 +msgid "ldap_deref (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2095 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2100 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2104 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2109 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2114 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2119 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2127 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2130 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2134 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2145 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136 +msgid "wildcart_limit (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2160 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2164 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2168 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:51 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2178 +msgid "SUDO OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2180 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2191 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2194 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2197 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2203 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2206 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2216 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2219 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2223 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2229 +msgid "ldap_sudorule_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2232 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2237 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2243 +msgid "ldap_sudorule_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2246 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2250 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2256 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2259 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2263 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2269 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2272 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2276 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2282 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2285 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2289 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2295 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2298 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2302 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2308 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2311 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2316 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2322 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2325 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2329 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2335 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2338 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2343 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2348 +msgid "Default: 21600 (6 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2354 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2357 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest USN " +"of cached rules)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2363 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2373 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2376 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2387 +msgid "ldap_sudo_hostnames (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2390 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2395 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441 +#: sssd-ldap.5.xml:2459 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428 +msgid "Default: not specified" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2411 +msgid "ldap_sudo_ip (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2414 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2419 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2434 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2437 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2452 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2455 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2471 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2481 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2483 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2489 +msgid "ldap_autofs_map_master_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2492 +msgid "The name of the automount master map in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2495 +msgid "Default: auto.master" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2502 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2505 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2508 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2515 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2518 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2521 +msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2529 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2532 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2537 +#, fuzzy +#| msgid "Default: root" +msgid "Default: automount" +msgstr "По умолчанию: root" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2544 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2551 +msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2559 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2566 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2487 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2576 +msgid "ADVANCED OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2583 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2588 +msgid "ldap_user_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2593 +msgid "ldap_group_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:2598 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:2600 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no gid mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:2607 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2609 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2614 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2578 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2631 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2637 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:725 sssd-ad.5.xml:963 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 +#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2648 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2650 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2655 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-simple.5.xml:148 sssd-ad.5.xml:978 sssd.8.xml:195 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2672 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" + +#. type: Content of: <refentryinfo> +#: pam_sss.8.xml:8 include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - http://" +"fedorahosted.org/sssd</orgname>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:13 pam_sss.8.xml:18 +msgid "pam_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:19 +msgid "PAM module for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:24 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:54 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:64 +msgid "<option>quiet</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:67 +msgid "Suppress log messages for unknown users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:72 +msgid "<option>forward_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:75 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>use_first_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:93 +msgid "<option>use_authtok</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:96 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>retry=N</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:108 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:117 +msgid "<option>ignore_unknown_user</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:120 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:131 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:138 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:142 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:148 +msgid "" +"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> " +"and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:164 +msgid "MODULE TYPES PROVIDED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:165 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:171 +msgid "FILES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:172 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:177 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:187 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " +"libraries what Realm and which KDC to use. Typically this is done in " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> which is always read by the Kerberos libraries. " +"To simplify the configuration the Realm and the KDC can be defined in " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> as described in <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:48 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> puts the Realm and the name or IP address of the KDC into " +"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " +"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " +"libraries it reads and evaluates these variables and returns them to the " +"libraries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:69 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:78 +msgid "ipa_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:81 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:89 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:92 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:105 +msgid "ipa_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:108 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:116 sssd-ad.5.xml:780 +msgid "dyndns_update (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:119 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA v2 with the IP address of this client. The update is " +"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " +"for the updates, if it is not otherwise specified by using the " +"<quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:128 sssd-ad.5.xml:794 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:133 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:145 sssd-ad.5.xml:805 +msgid "dyndns_ttl (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:148 sssd-ad.5.xml:808 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:153 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Default: 1200 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:165 sssd-ad.5.xml:819 +msgid "dyndns_iface (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 sssd-ad.5.xml:822 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:175 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:185 sssd-ad.5.xml:833 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:191 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160 +msgid "Enables DNS sites - location based service discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example.com" +"\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:217 sssd-ad.5.xml:839 +msgid "dyndns_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:220 sssd-ad.5.xml:842 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:233 sssd-ad.5.xml:855 +msgid "dyndns_update_ptr (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:236 sssd-ad.5.xml:858 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:247 +msgid "Default: False (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:253 sssd-ad.5.xml:869 +msgid "dyndns_force_tcp (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:256 sssd-ad.5.xml:872 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:876 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 sssd-ad.5.xml:882 +msgid "dyndns_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 sssd-ad.5.xml:885 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 sssd-ad.5.xml:890 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:895 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 sssd-ad.5.xml:900 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:290 +msgid "ipa_hbac_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:293 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:297 +msgid "Default: Use base DN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 sssd-ipa.5.xml:329 sssd-ipa.5.xml:348 sssd-ipa.5.xml:367 +#: sssd-ipa.5.xml:386 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ipa.5.xml:315 sssd-ipa.5.xml:334 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:322 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:325 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:341 +msgid "ipa_subdomains_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:344 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:353 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:360 +msgid "ipa_master_domain_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:363 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:372 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:379 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:382 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:391 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:398 sssd-krb5.5.xml:254 +msgid "krb5_validate (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:401 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:408 sssd-ad.5.xml:921 +msgid "" +"Note that this default differs from the traditional Kerberos provider back " +"end." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:433 +msgid "" +"Specifies if the host and user principal should be canonicalized when " +"connecting to IPA LDAP and also for AS requests. This feature is available " +"with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 sssd-krb5.5.xml:416 +msgid "krb5_use_fast (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 sssd-krb5.5.xml:419 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:454 +msgid "<emphasis>never</emphasis> use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:457 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it. This is equivalent to not setting " +"this option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:463 sssd-krb5.5.xml:433 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:468 +msgid "Default: try" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 sssd-krb5.5.xml:444 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:480 sssd-ad.5.xml:928 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 sssd-ad.5.xml:931 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:487 sssd-ad.5.xml:935 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 sssd-ad.5.xml:939 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:498 +msgid "ipa_hbac_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:501 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355 +msgid "Default: 5 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:514 +msgid "ipa_hbac_selinux (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:517 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:530 +msgid "ipa_server_mode (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:533 +msgid "This option should only be set by the IPA installer." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:537 +msgid "" +"The option denotes that the SSSD is running on IPA server and should perform " +"lookups of users and groups from trusted domains differently." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:548 +msgid "ipa_automount_location (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:551 +msgid "The automounter location this IPA client will be using" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:554 +msgid "Default: The location named \"default\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:562 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:571 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:577 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:583 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:586 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:596 +msgid "ipa_overide_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:599 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:602 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:608 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:611 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:615 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:621 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:624 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:632 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:635 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:638 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:641 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:647 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:650 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:655 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:661 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:664 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:669 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:672 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:675 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:680 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:564 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:690 +msgid "SUBDOMAINS PROVIDER" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:692 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:696 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:702 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:719 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:726 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:41 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:45 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:51 +msgid "" +"The AD provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:63 +msgid "" +"However, it is neither necessary nor recommended to set these options. The " +"AD provider can also be used as an access, chpass, sudo and autofs provider. " +"No configuration of the access provider is required on the client side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:75 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " +"and groups using POSIX attributes from trusted domains, the AD administrator " +"must make sure that the POSIX attributes are replicated to the Global " +"Catalog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:82 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:97 +msgid "ad_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:100 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:105 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:110 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:117 +msgid "ad_server, ad_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:120 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:127 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:132 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:140 +msgid "ad_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:143 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the Active Directory domain to identify this " +"host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:149 +msgid "" +"This field is used to determine the host principal in use in the keytab. It " +"must match the hostname for which the keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:157 +msgid "ad_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:164 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:180 +msgid "ad_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:191 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:199 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:207 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:212 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:223 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:233 sssd-ad.5.xml:247 +msgid "Default: Not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:239 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:253 +msgid "ad_enable_gc (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:256 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:264 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:278 +msgid "ad_gpo_access_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:281 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to a particular host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:296 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:309 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:313 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:319 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:325 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "Default: permissive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:339 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:345 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:348 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:361 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:364 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:370 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:384 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:388 sssd-ad.5.xml:479 sssd-ad.5.xml:525 sssd-ad.5.xml:570 +#: sssd-ad.5.xml:636 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:392 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:397 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:402 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:407 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:412 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:417 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:422 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:427 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:432 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:437 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:442 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:451 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:460 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:475 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:466 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:483 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:488 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:497 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:500 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:506 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:521 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:512 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:529 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:534 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:543 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:546 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:552 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:566 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:557 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:574 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:583 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:586 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:605 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:597 sssd-ad.5.xml:667 +msgid "" +"It is possible to add a PAM service name to the default set by using <quote>" +"+service_name</quote>. Since the default set is empty, it is not possible " +"to remove a PAM service name from the default set. For example, in order to " +"add a custom pam service name (e.g. <quote>my_pam_service</quote>), you " +"would use the following configuration: <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:615 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:618 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:632 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:623 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:640 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:645 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:650 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:659 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:662 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:675 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:685 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:688 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:701 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:705 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:710 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:715 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:720 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:725 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:730 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:735 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:741 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:747 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:750 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:756 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: 30 days" +msgstr "По умолчанию: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:762 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:765 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expect 2 integers seperated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the inital timeout in seconds before the task is run for the first " +"time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:783 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:813 +msgid "Default: 3600 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:829 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:863 sss_rpcidmapd.5.xml:76 +msgid "Default: True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:909 sssd-krb5.5.xml:505 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:912 sssd-krb5.5.xml:508 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:957 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:964 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:984 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:980 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:990 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:998 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:112 +msgid "" +"When the SSSD is configured to use IPA as the ID provider, the sudo provider " +"is automatically enabled. The sudo search base is configured to use the " +"compat tree (ou=sudoers,$DC)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:119 +msgid "The SUDO rule caching mechanism" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:121 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:129 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:135 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:143 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:159 +msgid "keyword ALL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:164 +msgid "wildcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:169 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:174 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:179 +msgid "one of the IP addresses of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:184 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:190 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>-f</option>,<option>--debug-to-files</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "" +"Send the debug output to files instead of stderr. By default, the log files " +"are stored in <filename>/var/log/sssd</filename> and there are separate log " +"files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:97 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:101 +msgid "Become a daemon after starting up." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:107 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:111 +msgid "Run in the foreground, don't become a daemon." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:117 sss_debuglevel.8.xml:42 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:121 sss_debuglevel.8.xml:46 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:147 +msgid "Signals" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "SIGTERM/SIGINT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:153 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:159 +msgid "SIGHUP" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:162 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:170 +msgid "SIGUSR1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:173 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:182 +msgid "SIGUSR2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:185 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:197 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:50 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:52 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:59 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:70 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:78 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:83 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:92 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:97 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:105 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:110 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:116 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:121 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:126 +msgid "original_name:name:uid:gid:gecos:home:shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:138 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:141 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:147 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:152 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:160 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:167 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:175 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:180 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:189 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:194 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:202 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:207 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:213 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:218 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:223 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:235 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:238 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:244 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:249 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:259 +#, fuzzy +#| msgid "CONFIGURATION OPTIONS" +msgid "COMMON OPTIONS" +msgstr "ПАРАМЕТРЫ КОНФИГУРАЦИИ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:261 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:266 +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_useradd.8.xml:10 sss_useradd.8.xml:15 +msgid "sss_useradd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_useradd.8.xml:16 +msgid "create a new user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_useradd.8.xml:21 +msgid "" +"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_useradd.8.xml:32 +msgid "" +"<command>sss_useradd</command> creates a new user account using the values " +"specified on the command line plus the default values from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:43 sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:48 +msgid "" +"Set the UID of the user to the value of <replaceable>UID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:72 +msgid "" +"The home directory of the user account. The default is to append the " +"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " +"that as the home directory. The base that is prepended before " +"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" +"baseDirectory</quote> setting in sssd.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:87 +msgid "" +"The user's login shell. The default is currently <filename>/bin/bash</" +"filename>. The default can be changed with <quote>user_defaults/" +"defaultShell</quote> setting in sssd.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:96 +msgid "" +"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:101 +msgid "A list of existing groups this user is also a member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:107 +msgid "<option>-m</option>,<option>--create-home</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:111 +msgid "" +"Create the user's home directory if it does not exist. The files and " +"directories contained in the skeleton directory (which can be defined with " +"the -k option or in the config file) will be copied to the home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:121 +msgid "<option>-M</option>,<option>--no-create-home</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:125 +msgid "" +"Do not create the user's home directory. Overrides configuration settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:132 +msgid "" +"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:137 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<command>sss_useradd</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:143 +msgid "" +"Special files (block devices, character devices, named pipes and unix " +"sockets) will not be copied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:147 +msgid "" +"This option is only valid if the <option>-m</option> (or <option>--create-" +"home</option>) option is specified, or creation of home directories is set " +"to TRUE in the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:156 sss_usermod.8.xml:124 +msgid "" +"<option>-Z</option>,<option>--selinux-user</option> " +"<replaceable>SELINUX_USER</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:161 +msgid "" +"The SELinux user for the user's login. If not specified, the system default " +"will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>.k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 +msgid "%h" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108 +msgid "home directory" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:27 +msgid "%P" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:45 +msgid "%%" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:46 +msgid "a literal '%'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_auth_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:257 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:272 +msgid "krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:275 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:279 +msgid "Default: /etc/krb5.keytab" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:285 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:288 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:293 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:306 +msgid "krb5_renewable_lifetime (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:309 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:351 sssd-krb5.5.xml:388 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:320 sssd-krb5.5.xml:354 sssd-krb5.5.xml:391 +msgid "<emphasis>h</emphasis> for hours" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:323 sssd-krb5.5.xml:357 sssd-krb5.5.xml:394 +msgid "<emphasis>d</emphasis> for days." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:326 sssd-krb5.5.xml:397 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:330 sssd-krb5.5.xml:401 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:335 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:341 +msgid "krb5_lifetime (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:344 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:360 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:364 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:369 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:376 +msgid "krb5_renew_interval (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:379 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:406 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:424 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:428 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:438 +msgid "Default: not set, i.e. FAST is not used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "NOTE: a keytab is required to use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:453 +msgid "krb5_fast_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:456 +msgid "Specifies the server principal to use for FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:465 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:514 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:520 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:523 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:535 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:540 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:566 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:574 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 +msgid "sss_groupadd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupadd.8.xml:16 +msgid "create a new group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupadd.8.xml:21 +msgid "" +"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupadd.8.xml:32 +msgid "" +"<command>sss_groupadd</command> creates a new group. These groups are " +"compatible with POSIX groups, with the additional feature that they can " +"contain other groups as members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupadd.8.xml:43 sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupadd.8.xml:48 +msgid "" +"Set the GID of the group to the value of <replaceable>GID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_userdel.8.xml:10 sss_userdel.8.xml:15 +msgid "sss_userdel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_userdel.8.xml:16 +msgid "delete a user account" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_userdel.8.xml:21 +msgid "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_userdel.8.xml:32 +msgid "" +"<command>sss_userdel</command> deletes a user identified by login name " +"<replaceable>LOGIN</replaceable> from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:44 +msgid "<option>-r</option>,<option>--remove</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:48 +msgid "" +"Files in the user's home directory will be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:56 +msgid "<option>-R</option>,<option>--no-remove</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:60 +msgid "" +"Files in the user's home directory will NOT be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:68 +msgid "<option>-f</option>,<option>--force</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:72 +msgid "" +"This option forces <command>sss_userdel</command> to remove the user's home " +"directory and mail spool, even if they are not owned by the specified user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:80 +msgid "<option>-k</option>,<option>--kick</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:84 +msgid "Before actually deleting the user, terminate all his processes." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 +msgid "sss_groupdel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupdel.8.xml:16 +msgid "delete a group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupdel.8.xml:21 +msgid "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupdel.8.xml:32 +msgid "" +"<command>sss_groupdel</command> deletes a group identified by its name " +"<replaceable>GROUP</replaceable> from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 +msgid "sss_groupshow" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupshow.8.xml:16 +msgid "print properties of a group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupshow.8.xml:21 +msgid "" +"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupshow.8.xml:32 +msgid "" +"<command>sss_groupshow</command> displays information about a group " +"identified by its name <replaceable>GROUP</replaceable>. The information " +"includes the group ID number, members of the group and the parent group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupshow.8.xml:43 +msgid "<option>-R</option>,<option>--recursive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupshow.8.xml:47 +msgid "" +"Also print indirect group members in a tree-like hierarchy. Note that this " +"also affects printing parent groups - without <option>R</option>, only the " +"direct parent will be printed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_usermod.8.xml:10 sss_usermod.8.xml:15 +msgid "sss_usermod" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_usermod.8.xml:16 +msgid "modify a user account" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_usermod.8.xml:21 +msgid "" +"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_usermod.8.xml:32 +msgid "" +"<command>sss_usermod</command> modifies the account specified by " +"<replaceable>LOGIN</replaceable> to reflect the changes that are specified " +"on the command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:60 +msgid "The home directory of the user account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:71 +msgid "The user's login shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:82 +msgid "" +"Append this user to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:96 +msgid "" +"Remove this user from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:103 +msgid "<option>-l</option>,<option>--lock</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:107 +msgid "Lock the user account. The user won't be able to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:114 +msgid "<option>-u</option>,<option>--unlock</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:118 +msgid "Unlock the user account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:129 +msgid "The SELinux user for the user's login." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:135 +msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:140 +msgid "Add an attribute/value pair. The format is attrname=value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:147 +msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:152 +msgid "" +"Set an attribute to a name/value pair. The format is attrname=value. For " +"multi-valued attributes, the command replaces the values already present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:160 +msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:165 +msgid "Delete an attribute/value pair. The format is attrname=value." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:42 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:46 +msgid "Invalidate all cached entries except for sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:52 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:57 +msgid "Invalidate specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:63 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:67 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:74 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:79 +msgid "Invalidate specific group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:85 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:89 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:96 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:101 +msgid "Invalidate specific netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:107 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:111 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:118 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:123 +msgid "Invalidate specific service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:129 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:133 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:140 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:145 +msgid "Invalidate specific autofs maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:151 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:155 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:162 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:167 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:173 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:177 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:185 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:190 +msgid "Restrict invalidation process only to a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> changes debug level of SSSD monitor and " +"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " +"running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_debuglevel.8.xml:59 +msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:46 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:53 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:59 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:63 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:77 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:91 +msgid "name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:92 +msgid "user's login name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:95 +msgid "uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:96 +msgid "user ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:99 +msgid "gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:100 +msgid "primary group ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:103 +msgid "gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:104 +msgid "user information, typically full name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:81 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:125 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:117 +msgid "" +"It is possible to add another attribute to this set by using <quote>" +"+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:129 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:139 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:144 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "СМ. ТАКЖЕ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" +"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:58 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:51 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:70 +#, no-wrap +msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:63 +msgid "" +"If <quote>PubkeyAgent</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by using the following directive " +"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:85 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92 +msgid "EXIT STATUS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and estabilishes connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 10,001 and going up to " +"2,000,100,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:127 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191 +msgid "Default: 200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:142 +msgid "ldap_idmap_range_max (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:145 +msgid "" +"Specifies the upper bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:149 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:159 +msgid "Default: 2000200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:164 +msgid "ldap_idmap_range_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:167 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:186 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:196 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:199 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:210 +msgid "ldap_idmap_default_domain (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:213 +msgid "Specify the name of the default domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:221 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:224 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:229 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monatomically with each additional domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:234 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:249 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:252 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:256 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:273 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:275 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:284 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:285 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:286 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:287 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:288 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:289 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:291 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:295 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT " +"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain " +"names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 +msgid "Currently supported debug levels:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill the SSSD, but one that indicates that at least one " +"major feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:85 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:89 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:94 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:98 +msgid "<emphasis>Default</emphasis>: 0" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/experimental.xml:1 +msgid "" +"<emphasis> This is an experimental feature, please use http://fedorahosted." +"org/sssd to report any issues. </emphasis>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " +"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:31 +msgid "%o" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:33 +msgid "The original home directory retrieved from the identity provider." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:38 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:40 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:52 +msgid "This option can also be set per-domain." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:57 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:61 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "" --- sssd-1.13.4.orig/src/man/po/tg.po +++ sssd-1.13.4/src/man/po/tg.po @@ -0,0 +1,11313 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 1.12.90\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2016-04-13 16:30+0200\n" +"PO-Revision-Date: 2014-06-04 02:04-0400\n" +"Last-Translator: jhrozek <jhrozek@redhat.com>\n" +"Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/" +"tg/)\n" +"Language: tg\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Zanata 3.8.3\n" + +#. type: Content of: <reference><title> +#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 +#: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 +#: sss_override.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5 +#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 +#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5 +#: sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 +msgid "SSSD Manual pages" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 +msgid "sss_groupmod" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11 +#: sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupmod.8.xml:16 +msgid "modify a group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupmod.8.xml:21 +msgid "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 +#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 +#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 +#: sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 +#: sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 +#: sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21 +#: sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31 +msgid "DESCRIPTION" +msgstr "ШАРҲ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupmod.8.xml:32 +msgid "" +"<command>sss_groupmod</command> modifies the group to reflect the changes " +"that are specified on the command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 +#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 +#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 +#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "ИМКОНОТҲО" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 +msgid "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:48 +msgid "" +"Append this group to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 +msgid "" +"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:62 +msgid "" +"Remove this group from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:10 sssd.conf.5.xml:16 +msgid "sssd.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 +#: sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 +#: sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +msgid "File Formats and Conventions" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:17 +msgid "the configuration file for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:21 +msgid "FILE FORMAT" +msgstr "Формати файл" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:29 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:24 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:36 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:41 +msgid "" +"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:47 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:53 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:59 +msgid "GENERAL OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:61 +msgid "Following options are usable in more than one configuration sections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:65 +msgid "Options usable in all sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:69 +msgid "debug_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:73 +msgid "debug_timestamps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:76 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:81 sssd.conf.5.xml:634 sssd.conf.5.xml:1139 +#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464 +#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272 +#: sssd-ad.5.xml:799 sssd-ad.5.xml:918 sssd-krb5.5.xml:499 +msgid "Default: true" +msgstr "Пешфарз: true" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:86 +msgid "debug_microseconds (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:89 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:94 sssd.conf.5.xml:1093 sssd.conf.5.xml:2231 +#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558 +#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139 +#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266 +#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 +msgid "Default: false" +msgstr "Пешфарз: false" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2189 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:103 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:107 +msgid "timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:110 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:115 sssd.conf.5.xml:1057 sssd-ldap.5.xml:1410 +#: include/ldap_id_mapping.xml:264 +msgid "Default: 10" +msgstr "Пешфарз: 10" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:125 +msgid "SPECIAL SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:128 +msgid "The [sssd] section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:137 sssd.conf.5.xml:2339 +msgid "Section parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:139 +msgid "config_file_version (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:142 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:148 +msgid "services" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:151 +msgid "" +"Comma separated list of services that are started when sssd itself starts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:155 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" +"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" +"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:165 sssd.conf.5.xml:419 +msgid "reconnection_retries (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:168 sssd.conf.5.xml:422 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:173 sssd.conf.5.xml:427 +msgid "Default: 3" +msgstr "Пешфарз: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:178 +msgid "domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:181 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter described the list of domains in the order you want " +"them to be queried. A domain name should only consist of alphanumeric ASCII " +"characters, dashes, dots and underscores." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:193 sssd.conf.5.xml:2014 +msgid "re_expression (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:201 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN " +"SECTIONS for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:210 sssd.conf.5.xml:2065 +msgid "full_name_format (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:213 sssd.conf.5.xml:2068 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:224 sssd.conf.5.xml:2079 +msgid "%1$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:225 sssd.conf.5.xml:2080 +msgid "user name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:228 sssd.conf.5.xml:2083 +msgid "%2$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:231 sssd.conf.5.xml:2086 +msgid "domain name as specified in the SSSD config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:237 sssd.conf.5.xml:2092 +msgid "%3$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:240 sssd.conf.5.xml:2095 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:221 sssd.conf.5.xml:2076 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:250 +msgid "" +"Each domain can have an individual format string configured. see DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:256 +msgid "try_inotify (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:259 +msgid "" +"SSSD monitors the state of resolv.conf to identify when it needs to update " +"its internal DNS resolver. By default, we will attempt to use inotify for " +"this, and will fall back to polling resolv.conf every five seconds if " +"inotify cannot be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:267 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:273 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:277 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:284 +msgid "krb5_rcache_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:287 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:291 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:297 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:312 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:317 +msgid "default_domain_suffix (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:320 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:330 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498 +#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:609 +#: sssd-ad.5.xml:679 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550 +#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216 +msgid "Default: not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:344 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:347 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:356 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:364 +msgid "Default: not set (spaces will not be replaced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:369 +msgid "certificate_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:377 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:379 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:389 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "Default: not set, i.e. do not restrict certificate vertification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:130 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:404 +msgid "SERVICES SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:406 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:413 +msgid "General service configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:415 +msgid "These options can be used to configure any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:432 +msgid "fd_limit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:435 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:444 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:449 +msgid "client_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:452 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:459 sssd.conf.5.xml:475 sssd.conf.5.xml:507 +#: sssd.conf.5.xml:765 sssd.conf.5.xml:957 sssd.conf.5.xml:1347 +#: sssd-ldap.5.xml:1237 +msgid "Default: 60" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:464 sssd.conf.5.xml:1336 +msgid "force_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:467 sssd.conf.5.xml:1339 +msgid "" +"If a service is not responding to ping checks (see the <quote>timeout</" +"quote> option), it is first sent the SIGTERM signal that instructs it to " +"quit gracefully. If the service does not terminate after " +"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " +"by sending a SIGKILL signal." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:480 +msgid "offline_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:483 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. This " +"value is in seconds and calculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:490 +msgid "offline_timeout + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "" +"The random offset can increment up to 30 seconds. After each unsuccessful " +"attempt to go online, the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:498 +msgid "new_interval = old_interval*2 + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"Note that the maximum length of each interval is currently limited to one " +"hour. If the calculated length of new_interval is greater than an hour, it " +"will be forced to one hour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:512 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:515 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:521 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:524 +msgid "ldap_purge_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:527 sssd-ldap.5.xml:1054 +msgid "ldap_use_tokengroups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "ldap_user_principal" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:535 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:533 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:539 sssd.conf.5.xml:1001 sssd.conf.5.xml:1026 +#: sssd.conf.5.xml:1045 sssd.conf.5.xml:1330 sssd-ldap.5.xml:1793 +msgid "Default: none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:547 +msgid "NSS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:549 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "enum_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:557 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:561 +msgid "Default: 120" +msgstr "Пешфарз: 120" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:566 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:569 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:575 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:585 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:593 +msgid "Default: 50" +msgstr "Пешфарз: 50" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:598 +msgid "entry_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:601 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:607 sssd.conf.5.xml:1117 +msgid "Default: 15" +msgstr "Пешфарз: 15" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:612 +msgid "filter_users, filter_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:615 +msgid "" +"Exclude certain users from being fetched from the sss NSS database. This is " +"particularly useful for system accounts. This option can also be set per-" +"domain or include fully-qualified names to filter only users from the " +"particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:622 +msgid "Default: root" +msgstr "Пешфарз: root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:627 +msgid "filter_users_in_groups (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:630 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:641 +msgid "fallback_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:644 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:649 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:655 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:653 sssd.conf.5.xml:1020 sssd.conf.5.xml:1039 +#: sssd-krb5.5.xml:533 include/override_homedir.xml:55 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:659 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:665 +msgid "override_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:668 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:674 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:680 +msgid "allowed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:683 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:686 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:690 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:695 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:703 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:710 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:713 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:717 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:722 +msgid "vetoed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:725 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:730 +msgid "shell_fallback (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:733 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "Default: /bin/sh" +msgstr "Пешфарз: /bin/sh" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +msgid "default_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:745 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:751 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:758 sssd.conf.5.xml:950 +msgid "get_domains_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:761 sssd.conf.5.xml:953 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:770 +msgid "memcache_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:773 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:777 sssd-ldap.5.xml:706 +msgid "Default: 300" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:780 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:788 sssd-ifp.5.xml:74 +msgid "user_attributes (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:791 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:804 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:816 +msgid "PAM configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:818 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:823 +msgid "offline_credentials_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:831 sssd.conf.5.xml:844 +msgid "Default: 0 (No limit)" +msgstr "Пешфарз: 0 (Номаҳдуд)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:837 +msgid "offline_failed_login_attempts (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:840 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:850 +msgid "offline_failed_login_delay (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:853 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:864 sssd.conf.5.xml:917 +msgid "Default: 5" +msgstr "Пешфарз: 5" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:870 +msgid "pam_verbosity (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:873 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "Currently sssd supports the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:881 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:888 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:891 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:895 sssd.8.xml:63 +msgid "Default: 1" +msgstr "Пешфарз: 1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:900 +msgid "pam_id_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:903 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:923 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:926 sssd.conf.5.xml:1550 +msgid "Display a warning N days before the password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:929 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:935 sssd.conf.5.xml:1553 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:940 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 sssd.conf.5.xml:2291 sssd.8.xml:79 +msgid "Default: 0" +msgstr "Пешфарз: 0" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:962 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:965 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAM responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:971 +msgid "Default: all (All users are allowed to access the PAM responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:975 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:982 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:985 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:989 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:993 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:997 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1006 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1009 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbostiy is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1022 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1031 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1041 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1050 +msgid "p11_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1053 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1066 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1068 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1085 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1088 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1101 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1103 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1107 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1126 +msgid "SSH configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1128 +msgid "These options can be used to configure the SSH service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1132 +msgid "ssh_hash_known_hosts (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1135 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1144 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1147 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1151 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1156 +msgid "ca_db (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1159 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1164 +#, fuzzy +#| msgid "Default: /bin/sh" +msgid "Default: /etc/pki/nssdb" +msgstr "Пешфарз: /bin/sh" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1172 +msgid "PAC responder configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1174 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. " +"If the PAC is decoded and evaluated some of the following operations are " +"done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1183 +msgid "" +"If the remote user does not exist in the cache, it is created. The uid is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"gid will have the same value as the uid. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1191 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1197 +msgid "These options can be used to configure the PAC responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1201 sssd-ifp.5.xml:50 +msgid "allowed_uids (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1204 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1210 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1214 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:1228 +msgid "DOMAIN SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1235 +msgid "min_id,max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1238 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1250 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1254 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1260 +msgid "enumerate (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1263 +msgid "" +"Determines if a domain can be enumerated. This parameter can have one of the " +"following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1267 +msgid "TRUE = Users and groups are enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1270 +msgid "FALSE = No enumerations for this domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1273 sssd.conf.5.xml:1505 sssd.conf.5.xml:1672 +msgid "Default: FALSE" +msgstr "Пешфарз: FALSE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1276 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1289 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1294 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1302 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1310 +msgid "subdomain_enumerate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1317 +msgid "all" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1318 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1321 +msgid "none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1322 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1313 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1353 +msgid "entry_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1356 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1360 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1373 +msgid "Default: 5400" +msgstr "Пешфарз: 5400" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1379 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1382 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1386 sssd.conf.5.xml:1399 sssd.conf.5.xml:1412 +#: sssd.conf.5.xml:1425 sssd.conf.5.xml:1438 sssd.conf.5.xml:1452 +#: sssd.conf.5.xml:1466 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1392 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1395 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1405 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1408 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1418 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1421 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1431 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1444 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1447 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1458 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1472 +msgid "refresh_expired_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1475 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1480 +msgid "" +"The background refresh will process users, groups and netgroups in the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1484 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1488 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227 +msgid "Default: 0 (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1494 +msgid "cache_credentials (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1497 +msgid "Determines if user credentials are also cached in the local LDB cache" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1501 +msgid "User credentials are stored in a SHA512 hash, not in plaintext" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1511 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1514 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1521 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1526 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1532 +msgid "account_cache_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1535 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1542 +msgid "Default: 0 (unlimited)" +msgstr "Пешфарз: 0 (номаҳдуд)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1547 +msgid "pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1558 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1565 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1571 +msgid "id_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1574 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1578 +msgid "<quote>proxy</quote>: Support a legacy NSS provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1581 sssd.conf.5.xml:1718 +msgid "<quote>local</quote>: SSSD internal provider for local users" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1585 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1593 sssd.conf.5.xml:1698 sssd.conf.5.xml:1753 +#: sssd.conf.5.xml:1806 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"FreeIPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 sssd.conf.5.xml:1707 sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1815 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "use_fully_qualified_names (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1621 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1629 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1636 +msgid "Default: FALSE (TRUE if default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1642 +msgid "ignore_group_members (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "Do not return group members for group lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1648 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1666 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1677 +msgid "auth_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1680 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 sssd.conf.5.xml:1746 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1691 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1715 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1722 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1725 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1731 +msgid "access_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1734 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1740 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1743 +msgid "<quote>deny</quote> always deny access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1770 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1777 +msgid "Default: <quote>permit</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1782 +msgid "chpass_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1785 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1790 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1798 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1823 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1827 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1830 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1837 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1840 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1844 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1852 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1856 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1860 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1863 sssd.conf.5.xml:1941 sssd.conf.5.xml:1982 +#: sssd.conf.5.xml:2007 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1867 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1884 +msgid "selinux_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1887 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1893 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1901 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1904 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1910 +msgid "subdomains_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1913 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1919 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1928 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1937 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1948 +msgid "autofs_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1951 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1955 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1970 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1979 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1989 +msgid "hostid_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1992 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1996 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2004 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2017 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +"P<name>[^@\\\\]+)$))</quote> which allows three different styles for " +"user names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2031 +msgid "username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2034 +msgid "username@domain.name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "domain\\username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2045 +msgid "" +"Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +"which translates to \"the name is everything up to the <quote>@</quote> " +"sign, the domain everything after that\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2051 +msgid "" +"PLEASE NOTE: the support for non-unique named subpatterns is not available " +"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " +"version 7 or higher can support non-unique named subpatterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2058 +msgid "" +"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" +"P<name>) to label subpatterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2105 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2111 +msgid "lookup_family_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2114 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2118 +msgid "Supported values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2121 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2124 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2127 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2130 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2133 +msgid "Default: ipv4_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2139 +msgid "dns_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2142 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the DNS " +"resolver before assuming that it is unreachable. If this timeout is reached, " +"the domain will continue to operate in offline mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2148 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263 +#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248 +msgid "Default: 6" +msgstr "Пешфарз: 6" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2154 +msgid "dns_discovery_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2157 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2161 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2167 +msgid "override_gid (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2170 +msgid "Override the primary GID value with the one specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2176 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2184 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2187 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2193 +msgid "False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2195 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2199 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2202 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2179 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2214 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2220 +msgid "proxy_fast_alias (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2223 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2237 +msgid "subdomain_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2248 +msgid "%F" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2249 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2240 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2254 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2258 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2263 +msgid "realmd_tags (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2266 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2272 +msgid "cached_auth_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2275 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2281 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2285 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1230 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2303 +msgid "proxy_pam_target (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2306 +msgid "The proxy target PAM proxies to." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2309 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2317 +msgid "proxy_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2320 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2299 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" id=" +"\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2332 +msgid "The local domain section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2334 +msgid "" +"This section contains settings for domain that stores users and groups in " +"SSSD native database, that is, a domain that uses " +"<replaceable>id_provider=local</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2341 +msgid "default_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2344 +msgid "The default shell for users created with SSSD userspace tools." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2348 +msgid "Default: <filename>/bin/bash</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2353 +msgid "base_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2356 +msgid "" +"The tools append the login name to <replaceable>base_directory</replaceable> " +"and use that as the home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2361 +msgid "Default: <filename>/home</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2366 +msgid "create_homedir (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2369 +msgid "" +"Indicate if a home directory should be created by default for new users. " +"Can be overridden on command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2373 sssd.conf.5.xml:2385 +msgid "Default: TRUE" +msgstr "Пешфарз: TRUE" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2378 +msgid "remove_homedir (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2381 +msgid "" +"Indicate if a home directory should be removed by default for deleted " +"users. Can be overridden on command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2390 +msgid "homedir_umask (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2393 +msgid "" +"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " +"on a newly created home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2401 +msgid "Default: 077" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2406 +msgid "skel_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2409 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2419 +msgid "Default: <filename>/etc/skel</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2424 +msgid "mail_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2427 +msgid "" +"The mail spool directory. This is needed to manipulate the mailbox when its " +"corresponding user account is modified or deleted. If not specified, a " +"default value is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2434 +msgid "Default: <filename>/var/mail</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2439 +msgid "userdel_cmd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2442 +msgid "" +"The command that is run after a user is removed. The command us passed the " +"username of the user being removed as the first and only parameter. The " +"return code of the command is not taken into account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2448 +msgid "Default: None, no command is run" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2458 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131 +#: sssd-ipa.5.xml:717 sssd-ad.5.xml:955 sssd-krb5.5.xml:564 +#: sss_rpcidmapd.5.xml:98 +msgid "EXAMPLE" +msgstr "НАМУНА" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:2464 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2460 +msgid "" +"The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. If the LDAP server is used only as an identity " +"provider, an encrypted channel is not needed. Please refer to " +"<quote>ldap_access_filter</quote> config option for more information about " +"using LDAP as an access provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 +msgid "CONFIGURATION OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:60 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:63 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:73 +msgid "ldap[s]://<host>[:port]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:76 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:79 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:85 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:88 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:99 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:105 +msgid "ldap_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:108 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:112 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:116 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220 +#: sss_override.8.xml:135 sss_override.8.xml:232 +msgid "Examples:" +msgstr "Намунаҳо:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:129 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:134 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:137 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:158 +msgid "ldap_schema (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:161 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "Four schema types are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:172 +msgid "rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:177 +msgid "rfc2307bis" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:182 +msgid "IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:187 +msgid "AD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:193 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:203 +msgid "Default: rfc2307" +msgstr "Пешфарз: rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:209 +msgid "ldap_default_bind_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:212 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:219 +msgid "ldap_default_authtok_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:222 +msgid "The type of the authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:226 +msgid "The two mechanisms currently supported are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:229 +msgid "password" +msgstr "парол" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:232 +msgid "obfuscated_password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:235 +msgid "Default: password" +msgstr "Пешфарз: парол" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:241 +msgid "ldap_default_authtok (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:244 +msgid "" +"The authentication token of the default bind DN. Only clear text passwords " +"are currently supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:251 +msgid "ldap_user_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:254 +msgid "The object class of a user entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "Default: posixAccount" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:263 +msgid "ldap_user_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:266 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:270 +msgid "Default: uid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:276 +msgid "ldap_user_uid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:279 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "Default: uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:289 +msgid "ldap_user_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:292 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:863 +msgid "Default: gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:302 +msgid "ldap_user_gecos (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:305 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:309 +msgid "Default: gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:315 +msgid "ldap_user_home_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:318 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "Default: homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:328 +msgid "ldap_user_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:331 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:335 +msgid "Default: loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:341 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:344 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:889 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:355 +msgid "ldap_user_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:358 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:363 sssd-ldap.5.xml:904 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:370 +msgid "ldap_user_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144 +msgid "Default: modifyTimestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:383 +msgid "ldap_user_shadow_last_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:396 +msgid "Default: shadowLastChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:402 +msgid "ldap_user_shadow_min (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:405 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: shadowMin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_user_shadow_max (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:432 +msgid "Default: shadowMax" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:438 +msgid "ldap_user_shadow_warning (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:441 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:451 +msgid "Default: shadowWarning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:457 +msgid "ldap_user_shadow_inactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:460 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:470 +msgid "Default: shadowInactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:476 +msgid "ldap_user_shadow_expire (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:479 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:489 +msgid "Default: shadowExpire" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:495 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:498 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "Default: krbLastPwdChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:510 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:513 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:519 +msgid "Default: krbPasswordExpiration" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:525 +msgid "ldap_user_ad_account_expires (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:528 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:533 +msgid "Default: accountExpires" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:539 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:542 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:547 +msgid "Default: userAccountControl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:553 +msgid "ldap_ns_account_lock (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:556 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:561 +msgid "Default: nsAccountLock" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:567 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:570 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:574 sssd-ldap.5.xml:588 +msgid "Default: loginDisabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:580 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:583 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:602 +msgid "Default: loginAllowedTimeMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:608 +msgid "ldap_user_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:611 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:615 +msgid "Default: krbPrincipalName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:621 +msgid "ldap_user_extra_attrs (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:624 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:629 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:639 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:649 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:652 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:656 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:659 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:669 +msgid "ldap_user_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:672 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:676 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:682 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:685 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:698 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:701 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:712 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:715 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:721 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:736 +msgid "ldap_user_fullname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:739 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590 +msgid "Default: cn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:749 +msgid "ldap_user_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:752 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:756 +msgid "Default: memberOf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:762 +msgid "ldap_user_authorized_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:765 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:772 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:777 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:784 +msgid "Default: authorizedService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:790 +msgid "ldap_user_authorized_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:793 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:799 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:811 +msgid "Default: host" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:817 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:820 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:824 +msgid "Default: no set in the general case, userCertificate;binary for IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:831 +msgid "ldap_group_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:834 +msgid "The object class of a group entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:837 +msgid "Default: posixGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:843 +msgid "ldap_group_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:846 +msgid "The LDAP attribute that corresponds to the group name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:856 +msgid "ldap_group_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:859 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:869 +msgid "ldap_group_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:872 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:876 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:882 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:885 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:896 +msgid "ldap_group_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:899 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_group_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:924 +msgid "ldap_group_type (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:927 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:938 +msgid "Default: groupType in the AD provider, othewise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:945 +msgid "ldap_group_external_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:948 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:961 +msgid "ldap_group_nesting_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:964 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:980 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:989 +msgid "Default: 2" +msgstr "Пешфарз: 2" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:995 +msgid "ldap_groups_use_matching_rule_in_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:998 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which may speed up group lookup operations on deployments with " +"complex or deep nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1004 +msgid "" +"In most common cases, it is best to leave this option disabled. It generally " +"only provides a performance increase on very complex nestings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036 +msgid "" +"If this option is enabled, SSSD will use it if it detects that the server " +"supports it during initial connection. So \"True\" here essentially means " +"\"auto-detect\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042 +msgid "" +"Note: This feature is currently known to work only with Active Directory " +"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" +"windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " +"for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048 sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866 include/ldap_id_mapping.xml:244 +msgid "Default: False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1027 +msgid "ldap_initgroups_use_matching_rule_in_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1030 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which might speed up initgroups operations (most notably when " +"dealing with complex or deep nested groups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1057 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1062 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1068 +msgid "ldap_netgroup_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1071 +msgid "The object class of a netgroup entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1074 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1078 +msgid "Default: nisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1084 +msgid "ldap_netgroup_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1087 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1101 +msgid "ldap_netgroup_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1104 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1108 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "Default: memberNisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1118 +msgid "ldap_netgroup_triple (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1121 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1128 +msgid "Default: nisNetgroupTriple" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1134 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1150 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1153 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1156 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1162 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1165 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1175 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1178 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1182 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1188 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1191 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1201 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1206 +msgid "ldap_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1209 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1215 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1227 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1230 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1243 +msgid "ldap_network_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1246 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1269 +msgid "ldap_opt_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1287 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1290 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1304 +msgid "ldap_page_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1307 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1312 +msgid "Default: 1000" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1318 +msgid "ldap_disable_paging (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1321 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1327 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1333 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1345 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1348 +msgid "Disable Active Directory range retrieval." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1351 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1366 +msgid "ldap_sasl_minssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1369 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1375 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1382 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1391 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1395 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1403 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1416 +msgid "ldap_tls_reqcert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1419 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1425 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1429 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1436 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1442 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1448 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1452 +msgid "Default: hard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1458 +msgid "ldap_tls_cacert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1461 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1473 +msgid "ldap_tls_cacertdir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1476 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1491 +msgid "ldap_tls_cert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1504 +msgid "ldap_tls_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "Specifies the file that contains the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1516 +msgid "ldap_tls_cipher_suite (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1519 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1532 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1535 +msgid "" +"Specifies that the id_provider connection must also use <systemitem class=" +"\"protocol\">tls</systemitem> to protect the channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1545 +msgid "ldap_id_mapping (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1548 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1564 +msgid "ldap_min_id, ldap_max_id (interger)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1567 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1579 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1585 +msgid "ldap_sasl_mech (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1588 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI is tested and " +"supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1598 +msgid "ldap_sasl_authid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1601 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI is used, this " +"represents the Kerberos principal used for authentication to the directory. " +"This option can either contain the full principal (for example host/" +"myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1609 +msgid "Default: host/hostname@REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1615 +msgid "ldap_sasl_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1624 +msgid "Default: the value of krb5_realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1630 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1633 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1638 +msgid "Default: false;" +msgstr "Пешфарз: false;" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1644 +msgid "ldap_krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "Specify the keytab to use when using SASL/GSSAPI." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1671 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1674 +msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:849 +msgid "Default: 86400 (24 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1719 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462 +msgid "krb5_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1768 +msgid "ldap_pwd_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1781 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1787 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1796 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1804 +msgid "ldap_referrals (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1807 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1811 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1816 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1830 +msgid "ldap_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1833 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 +msgid "Default: ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1843 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1846 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1851 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1857 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1872 +msgid "ldap_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1875 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Example:" +msgstr "Намуна:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1898 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1902 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice-versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972 +msgid "Default: Empty" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_account_expire_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1924 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1928 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1935 +msgid "The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1943 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1950 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1956 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1965 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1978 +msgid "ldap_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1981 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1985 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1988 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1998 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2005 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2022 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2026 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2036 +msgid "" +"The difference between these options is the action taken if user password is " +"expired: pwd_expire_policy_reject - user is denied to log in, " +"pwd_expire_policy_warn - user is still able to log in, " +"pwd_expire_policy_renew - user is prompted to change his password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2044 +msgid "" +"Note If user password is expired no explicit message is prompted by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2048 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2053 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2058 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2062 +msgid "Default: filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2065 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2072 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2075 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2083 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2086 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2092 +msgid "ldap_deref (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2095 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2100 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2104 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2109 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2114 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2119 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2127 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2130 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2134 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2145 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136 +msgid "wildcart_limit (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2160 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2164 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2168 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:51 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2178 +msgid "SUDO OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2180 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2191 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2194 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2197 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2203 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2206 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2216 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2219 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2223 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2229 +msgid "ldap_sudorule_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2232 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2237 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2243 +msgid "ldap_sudorule_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2246 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2250 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2256 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2259 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2263 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2269 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2272 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2276 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2282 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2285 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2289 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2295 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2298 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2302 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2308 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2311 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2316 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2322 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2325 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2329 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2335 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2338 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2343 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2348 +msgid "Default: 21600 (6 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2354 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2357 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest USN " +"of cached rules)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2363 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2373 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2376 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2387 +msgid "ldap_sudo_hostnames (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2390 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2395 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441 +#: sssd-ldap.5.xml:2459 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428 +msgid "Default: not specified" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2411 +msgid "ldap_sudo_ip (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2414 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2419 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2434 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2437 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2452 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2455 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2471 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2481 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2483 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2489 +msgid "ldap_autofs_map_master_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2492 +msgid "The name of the automount master map in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2495 +msgid "Default: auto.master" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2502 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2505 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2508 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2515 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2518 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2521 +msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2529 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2532 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2537 +#, fuzzy +#| msgid "Default: root" +msgid "Default: automount" +msgstr "Пешфарз: root" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2544 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2551 +msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2559 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2566 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2487 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2576 +msgid "ADVANCED OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2583 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2588 +msgid "ldap_user_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2593 +msgid "ldap_group_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:2598 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:2600 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no gid mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:2607 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2609 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2614 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2578 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2631 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2637 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:725 sssd-ad.5.xml:963 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 +#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2648 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2650 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2655 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-simple.5.xml:148 sssd-ad.5.xml:978 sssd.8.xml:195 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "ЭЗОҲҲО" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2672 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" + +#. type: Content of: <refentryinfo> +#: pam_sss.8.xml:8 include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - http://" +"fedorahosted.org/sssd</orgname>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:13 pam_sss.8.xml:18 +msgid "pam_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:19 +msgid "PAM module for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:24 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:54 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:64 +msgid "<option>quiet</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:67 +msgid "Suppress log messages for unknown users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:72 +msgid "<option>forward_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:75 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>use_first_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:93 +msgid "<option>use_authtok</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:96 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>retry=N</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:108 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:117 +msgid "<option>ignore_unknown_user</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:120 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:131 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:138 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:142 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:148 +msgid "" +"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> " +"and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:164 +msgid "MODULE TYPES PROVIDED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:165 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:171 +msgid "FILES" +msgstr "ФАЙЛҲО" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:172 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:177 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:187 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " +"libraries what Realm and which KDC to use. Typically this is done in " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> which is always read by the Kerberos libraries. " +"To simplify the configuration the Realm and the KDC can be defined in " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> as described in <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:48 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> puts the Realm and the name or IP address of the KDC into " +"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " +"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " +"libraries it reads and evaluates these variables and returns them to the " +"libraries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:69 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:78 +msgid "ipa_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:81 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:89 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:92 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:105 +msgid "ipa_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:108 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:116 sssd-ad.5.xml:780 +msgid "dyndns_update (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:119 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA v2 with the IP address of this client. The update is " +"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " +"for the updates, if it is not otherwise specified by using the " +"<quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:128 sssd-ad.5.xml:794 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:133 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:145 sssd-ad.5.xml:805 +msgid "dyndns_ttl (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:148 sssd-ad.5.xml:808 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:153 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Default: 1200 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:165 sssd-ad.5.xml:819 +msgid "dyndns_iface (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 sssd-ad.5.xml:822 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:175 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:185 sssd-ad.5.xml:833 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:191 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160 +msgid "Enables DNS sites - location based service discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example.com" +"\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:217 sssd-ad.5.xml:839 +msgid "dyndns_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:220 sssd-ad.5.xml:842 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:233 sssd-ad.5.xml:855 +msgid "dyndns_update_ptr (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:236 sssd-ad.5.xml:858 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:247 +msgid "Default: False (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:253 sssd-ad.5.xml:869 +msgid "dyndns_force_tcp (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:256 sssd-ad.5.xml:872 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:876 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 sssd-ad.5.xml:882 +msgid "dyndns_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 sssd-ad.5.xml:885 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 sssd-ad.5.xml:890 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:895 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 sssd-ad.5.xml:900 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:290 +msgid "ipa_hbac_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:293 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:297 +msgid "Default: Use base DN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 sssd-ipa.5.xml:329 sssd-ipa.5.xml:348 sssd-ipa.5.xml:367 +#: sssd-ipa.5.xml:386 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ipa.5.xml:315 sssd-ipa.5.xml:334 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:322 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:325 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:341 +msgid "ipa_subdomains_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:344 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:353 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:360 +msgid "ipa_master_domain_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:363 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:372 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:379 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:382 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:391 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:398 sssd-krb5.5.xml:254 +msgid "krb5_validate (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:401 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:408 sssd-ad.5.xml:921 +msgid "" +"Note that this default differs from the traditional Kerberos provider back " +"end." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:433 +msgid "" +"Specifies if the host and user principal should be canonicalized when " +"connecting to IPA LDAP and also for AS requests. This feature is available " +"with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 sssd-krb5.5.xml:416 +msgid "krb5_use_fast (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 sssd-krb5.5.xml:419 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:454 +msgid "<emphasis>never</emphasis> use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:457 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it. This is equivalent to not setting " +"this option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:463 sssd-krb5.5.xml:433 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:468 +msgid "Default: try" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 sssd-krb5.5.xml:444 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:480 sssd-ad.5.xml:928 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 sssd-ad.5.xml:931 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:487 sssd-ad.5.xml:935 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 sssd-ad.5.xml:939 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:498 +msgid "ipa_hbac_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:501 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355 +msgid "Default: 5 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:514 +msgid "ipa_hbac_selinux (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:517 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:530 +msgid "ipa_server_mode (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:533 +msgid "This option should only be set by the IPA installer." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:537 +msgid "" +"The option denotes that the SSSD is running on IPA server and should perform " +"lookups of users and groups from trusted domains differently." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:548 +msgid "ipa_automount_location (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:551 +msgid "The automounter location this IPA client will be using" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:554 +msgid "Default: The location named \"default\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:562 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:571 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:577 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:583 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:586 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:596 +msgid "ipa_overide_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:599 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:602 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:608 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:611 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:615 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:621 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:624 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:632 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:635 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:638 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:641 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:647 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:650 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:655 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:661 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:664 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:669 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:672 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:675 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:680 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:564 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:690 +msgid "SUBDOMAINS PROVIDER" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:692 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:696 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:702 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:719 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:726 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:41 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:45 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:51 +msgid "" +"The AD provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:63 +msgid "" +"However, it is neither necessary nor recommended to set these options. The " +"AD provider can also be used as an access, chpass, sudo and autofs provider. " +"No configuration of the access provider is required on the client side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:75 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " +"and groups using POSIX attributes from trusted domains, the AD administrator " +"must make sure that the POSIX attributes are replicated to the Global " +"Catalog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:82 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:97 +msgid "ad_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:100 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:105 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:110 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:117 +msgid "ad_server, ad_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:120 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:127 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:132 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:140 +msgid "ad_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:143 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the Active Directory domain to identify this " +"host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:149 +msgid "" +"This field is used to determine the host principal in use in the keytab. It " +"must match the hostname for which the keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:157 +msgid "ad_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:164 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:180 +msgid "ad_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:191 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:199 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:207 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:212 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:223 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:233 sssd-ad.5.xml:247 +msgid "Default: Not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:239 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:253 +msgid "ad_enable_gc (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:256 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:264 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:278 +msgid "ad_gpo_access_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:281 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to a particular host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:296 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:309 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:313 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:319 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:325 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "Default: permissive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:339 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:345 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:348 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:361 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:364 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:370 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:384 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:388 sssd-ad.5.xml:479 sssd-ad.5.xml:525 sssd-ad.5.xml:570 +#: sssd-ad.5.xml:636 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:392 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:397 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:402 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:407 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:412 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:417 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:422 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:427 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:432 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:437 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:442 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:451 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:460 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:475 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:466 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:483 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:488 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:497 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:500 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:506 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:521 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:512 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:529 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:534 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:543 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:546 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:552 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:566 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:557 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:574 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:583 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:586 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:605 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:597 sssd-ad.5.xml:667 +msgid "" +"It is possible to add a PAM service name to the default set by using <quote>" +"+service_name</quote>. Since the default set is empty, it is not possible " +"to remove a PAM service name from the default set. For example, in order to " +"add a custom pam service name (e.g. <quote>my_pam_service</quote>), you " +"would use the following configuration: <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:615 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:618 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:632 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:623 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:640 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:645 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:650 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:659 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:662 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:675 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:685 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:688 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:701 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:705 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:710 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:715 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:720 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:725 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:730 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:735 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:741 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:747 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:750 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:756 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: 30 days" +msgstr "Пешфарз: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:762 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:765 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expect 2 integers seperated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the inital timeout in seconds before the task is run for the first " +"time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:783 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:813 +msgid "Default: 3600 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:829 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:863 sss_rpcidmapd.5.xml:76 +msgid "Default: True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:909 sssd-krb5.5.xml:505 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:912 sssd-krb5.5.xml:508 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:957 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:964 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:984 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:980 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:990 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:998 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:112 +msgid "" +"When the SSSD is configured to use IPA as the ID provider, the sudo provider " +"is automatically enabled. The sudo search base is configured to use the " +"compat tree (ou=sudoers,$DC)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:119 +msgid "The SUDO rule caching mechanism" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:121 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:129 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:135 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:143 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:159 +msgid "keyword ALL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:164 +msgid "wildcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:169 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:174 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:179 +msgid "one of the IP addresses of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:184 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:190 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>-f</option>,<option>--debug-to-files</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "" +"Send the debug output to files instead of stderr. By default, the log files " +"are stored in <filename>/var/log/sssd</filename> and there are separate log " +"files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:97 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:101 +msgid "Become a daemon after starting up." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:107 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:111 +msgid "Run in the foreground, don't become a daemon." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:117 sss_debuglevel.8.xml:42 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:121 sss_debuglevel.8.xml:46 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:147 +msgid "Signals" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "SIGTERM/SIGINT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:153 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:159 +msgid "SIGHUP" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:162 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:170 +msgid "SIGUSR1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:173 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:182 +msgid "SIGUSR2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:185 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:197 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:50 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:52 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:59 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:70 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:78 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:83 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:92 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:97 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:105 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:110 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:116 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:121 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:126 +msgid "original_name:name:uid:gid:gecos:home:shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:138 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:141 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:147 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:152 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:160 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:167 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:175 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:180 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:189 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:194 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:202 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:207 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:213 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:218 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:223 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:235 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:238 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:244 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:249 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:259 +#, fuzzy +#| msgid "OPTIONS" +msgid "COMMON OPTIONS" +msgstr "ИМКОНОТҲО" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:261 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:266 +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_useradd.8.xml:10 sss_useradd.8.xml:15 +msgid "sss_useradd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_useradd.8.xml:16 +msgid "create a new user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_useradd.8.xml:21 +msgid "" +"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_useradd.8.xml:32 +msgid "" +"<command>sss_useradd</command> creates a new user account using the values " +"specified on the command line plus the default values from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:43 sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:48 +msgid "" +"Set the UID of the user to the value of <replaceable>UID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:72 +msgid "" +"The home directory of the user account. The default is to append the " +"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " +"that as the home directory. The base that is prepended before " +"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" +"baseDirectory</quote> setting in sssd.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:87 +msgid "" +"The user's login shell. The default is currently <filename>/bin/bash</" +"filename>. The default can be changed with <quote>user_defaults/" +"defaultShell</quote> setting in sssd.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:96 +msgid "" +"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:101 +msgid "A list of existing groups this user is also a member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:107 +msgid "<option>-m</option>,<option>--create-home</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:111 +msgid "" +"Create the user's home directory if it does not exist. The files and " +"directories contained in the skeleton directory (which can be defined with " +"the -k option or in the config file) will be copied to the home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:121 +msgid "<option>-M</option>,<option>--no-create-home</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:125 +msgid "" +"Do not create the user's home directory. Overrides configuration settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:132 +msgid "" +"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:137 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<command>sss_useradd</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:143 +msgid "" +"Special files (block devices, character devices, named pipes and unix " +"sockets) will not be copied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:147 +msgid "" +"This option is only valid if the <option>-m</option> (or <option>--create-" +"home</option>) option is specified, or creation of home directories is set " +"to TRUE in the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:156 sss_usermod.8.xml:124 +msgid "" +"<option>-Z</option>,<option>--selinux-user</option> " +"<replaceable>SELINUX_USER</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:161 +msgid "" +"The SELinux user for the user's login. If not specified, the system default " +"will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>.k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "Номи логин" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 +msgid "%h" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108 +msgid "home directory" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:27 +msgid "%P" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:45 +msgid "%%" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:46 +msgid "a literal '%'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_auth_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:257 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:272 +msgid "krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:275 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:279 +msgid "Default: /etc/krb5.keytab" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:285 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:288 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:293 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:306 +msgid "krb5_renewable_lifetime (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:309 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:351 sssd-krb5.5.xml:388 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:320 sssd-krb5.5.xml:354 sssd-krb5.5.xml:391 +msgid "<emphasis>h</emphasis> for hours" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:323 sssd-krb5.5.xml:357 sssd-krb5.5.xml:394 +msgid "<emphasis>d</emphasis> for days." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:326 sssd-krb5.5.xml:397 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:330 sssd-krb5.5.xml:401 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:335 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:341 +msgid "krb5_lifetime (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:344 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:360 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:364 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:369 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:376 +msgid "krb5_renew_interval (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:379 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:406 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:424 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:428 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:438 +msgid "Default: not set, i.e. FAST is not used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "NOTE: a keytab is required to use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:453 +msgid "krb5_fast_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:456 +msgid "Specifies the server principal to use for FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:465 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:514 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:520 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:523 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:535 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:540 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:566 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:574 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 +msgid "sss_groupadd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupadd.8.xml:16 +msgid "create a new group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupadd.8.xml:21 +msgid "" +"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupadd.8.xml:32 +msgid "" +"<command>sss_groupadd</command> creates a new group. These groups are " +"compatible with POSIX groups, with the additional feature that they can " +"contain other groups as members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupadd.8.xml:43 sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupadd.8.xml:48 +msgid "" +"Set the GID of the group to the value of <replaceable>GID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_userdel.8.xml:10 sss_userdel.8.xml:15 +msgid "sss_userdel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_userdel.8.xml:16 +msgid "delete a user account" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_userdel.8.xml:21 +msgid "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_userdel.8.xml:32 +msgid "" +"<command>sss_userdel</command> deletes a user identified by login name " +"<replaceable>LOGIN</replaceable> from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:44 +msgid "<option>-r</option>,<option>--remove</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:48 +msgid "" +"Files in the user's home directory will be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:56 +msgid "<option>-R</option>,<option>--no-remove</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:60 +msgid "" +"Files in the user's home directory will NOT be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:68 +msgid "<option>-f</option>,<option>--force</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:72 +msgid "" +"This option forces <command>sss_userdel</command> to remove the user's home " +"directory and mail spool, even if they are not owned by the specified user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:80 +msgid "<option>-k</option>,<option>--kick</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:84 +msgid "Before actually deleting the user, terminate all his processes." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 +msgid "sss_groupdel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupdel.8.xml:16 +msgid "delete a group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupdel.8.xml:21 +msgid "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupdel.8.xml:32 +msgid "" +"<command>sss_groupdel</command> deletes a group identified by its name " +"<replaceable>GROUP</replaceable> from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 +msgid "sss_groupshow" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupshow.8.xml:16 +msgid "print properties of a group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupshow.8.xml:21 +msgid "" +"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupshow.8.xml:32 +msgid "" +"<command>sss_groupshow</command> displays information about a group " +"identified by its name <replaceable>GROUP</replaceable>. The information " +"includes the group ID number, members of the group and the parent group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupshow.8.xml:43 +msgid "<option>-R</option>,<option>--recursive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupshow.8.xml:47 +msgid "" +"Also print indirect group members in a tree-like hierarchy. Note that this " +"also affects printing parent groups - without <option>R</option>, only the " +"direct parent will be printed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_usermod.8.xml:10 sss_usermod.8.xml:15 +msgid "sss_usermod" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_usermod.8.xml:16 +msgid "modify a user account" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_usermod.8.xml:21 +msgid "" +"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_usermod.8.xml:32 +msgid "" +"<command>sss_usermod</command> modifies the account specified by " +"<replaceable>LOGIN</replaceable> to reflect the changes that are specified " +"on the command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:60 +msgid "The home directory of the user account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:71 +msgid "The user's login shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:82 +msgid "" +"Append this user to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:96 +msgid "" +"Remove this user from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:103 +msgid "<option>-l</option>,<option>--lock</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:107 +msgid "Lock the user account. The user won't be able to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:114 +msgid "<option>-u</option>,<option>--unlock</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:118 +msgid "Unlock the user account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:129 +msgid "The SELinux user for the user's login." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:135 +msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:140 +msgid "Add an attribute/value pair. The format is attrname=value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:147 +msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:152 +msgid "" +"Set an attribute to a name/value pair. The format is attrname=value. For " +"multi-valued attributes, the command replaces the values already present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:160 +msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:165 +msgid "Delete an attribute/value pair. The format is attrname=value." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:42 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:46 +msgid "Invalidate all cached entries except for sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:52 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:57 +msgid "Invalidate specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:63 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:67 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:74 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:79 +msgid "Invalidate specific group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:85 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:89 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:96 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:101 +msgid "Invalidate specific netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:107 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:111 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:118 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:123 +msgid "Invalidate specific service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:129 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:133 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:140 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:145 +msgid "Invalidate specific autofs maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:151 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:155 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:162 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:167 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:173 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:177 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:185 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:190 +msgid "Restrict invalidation process only to a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> changes debug level of SSSD monitor and " +"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " +"running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_debuglevel.8.xml:59 +msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:46 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:53 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:59 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:63 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:77 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:91 +msgid "name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:92 +msgid "user's login name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:95 +msgid "uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:96 +msgid "user ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:99 +msgid "gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:100 +msgid "primary group ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:103 +msgid "gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:104 +msgid "user information, typically full name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:81 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:125 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:117 +msgid "" +"It is possible to add another attribute to this set by using <quote>" +"+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:129 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:139 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:144 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" +"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:58 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:51 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:70 +#, no-wrap +msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:63 +msgid "" +"If <quote>PubkeyAgent</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by using the following directive " +"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:85 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92 +msgid "EXIT STATUS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and estabilishes connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "Ҷӯрсозӣ" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 10,001 and going up to " +"2,000,100,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:127 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191 +msgid "Default: 200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:142 +msgid "ldap_idmap_range_max (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:145 +msgid "" +"Specifies the upper bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:149 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:159 +msgid "Default: 2000200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:164 +msgid "ldap_idmap_range_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:167 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:186 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:196 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:199 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:210 +msgid "ldap_idmap_default_domain (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:213 +msgid "Specify the name of the default domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:221 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:224 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:229 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monatomically with each additional domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:234 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:249 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:252 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:256 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:273 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:275 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:284 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:285 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:286 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:287 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:288 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:289 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:291 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:295 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT " +"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain " +"names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 +msgid "Currently supported debug levels:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill the SSSD, but one that indicates that at least one " +"major feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:85 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:89 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:94 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:98 +msgid "<emphasis>Default</emphasis>: 0" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/experimental.xml:1 +msgid "" +"<emphasis> This is an experimental feature, please use http://fedorahosted." +"org/sssd to report any issues. </emphasis>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " +"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "Рақами UID" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:31 +msgid "%o" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:33 +msgid "The original home directory retrieved from the identity provider." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:38 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:40 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:52 +msgid "This option can also be set per-domain." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:57 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:61 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "" --- sssd-1.13.4.orig/src/man/po/uk.po +++ sssd-1.13.4/src/man/po/uk.po @@ -0,0 +1,14218 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# sgallagh <sgallagh@redhat.com>, 2011 +# Yuri Chornoivan <yurchor@ukr.net>, 2011-2014 +# Yuri Chornoivan <yurchor@ukr.net>, 2013 +# Yuri Chornoivan <yurchor@ukr.net>, 2015. #zanata +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 1.12.90\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2016-04-13 16:30+0200\n" +"PO-Revision-Date: 2015-06-26 04:33-0400\n" +"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n" +"Language-Team: Ukrainian (http://www.transifex.com/projects/p/sssd/language/" +"uk/)\n" +"Language: uk\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" +"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" +"X-Generator: Zanata 3.8.3\n" + +#. type: Content of: <reference><title> +#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 +#: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 +#: sss_override.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5 +#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 +#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5 +#: sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 +msgid "SSSD Manual pages" +msgstr "Сторінки підручника SSSD" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 +msgid "sss_groupmod" +msgstr "sss_groupmod" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11 +#: sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupmod.8.xml:16 +msgid "modify a group" +msgstr "зміна групи" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupmod.8.xml:21 +msgid "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>параметри</" +"replaceable> </arg> <arg choice='plain'><replaceable>ГРУПА</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 +#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 +#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 +#: sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 +#: sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 +#: sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21 +#: sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31 +msgid "DESCRIPTION" +msgstr "ОПИС" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupmod.8.xml:32 +msgid "" +"<command>sss_groupmod</command> modifies the group to reflect the changes " +"that are specified on the command line." +msgstr "" +"<command>sss_groupmod</command> змінює назву групи відповідно до змін, " +"внесених за допомогою командного рядка." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 +#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 +#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 +#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "ПАРАМЕТРИ" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 +msgid "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" +"<option>-a</option>,<option>--append-group</option> <replaceable>ГРУПИ</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:48 +msgid "" +"Append this group to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" +"Додати групу до груп, вказаних за допомогою параметра <replaceable>ГРУПИ</" +"replaceable>. Параметр <replaceable>ГРУПИ</replaceable> є списком груп, " +"відокремлених комами." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 +msgid "" +"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" +"<option>-r</option>,<option>--remove-group</option> <replaceable>ГРУПИ</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:62 +msgid "" +"Remove this group from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" +"Вилучає групу з груп, вказаних за допомогою параметра <replaceable>ГРУПИ</" +"replaceable>." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:10 sssd.conf.5.xml:16 +msgid "sssd.conf" +msgstr "sssd.conf" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 +#: sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 +#: sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +msgid "File Formats and Conventions" +msgstr "Формати файлів та правила" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:17 +msgid "the configuration file for SSSD" +msgstr "файл налаштування SSSD" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:21 +msgid "FILE FORMAT" +msgstr "ФОРМАТ ФАЙЛА" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:29 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" +"<replaceable>[розділ]</replaceable>\n" +"<replaceable>ключ</replaceable> = <replaceable>значення</replaceable>\n" +"<replaceable>ключ2</replaceable> = <replaceable>значення2,значення3</replaceable>\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:24 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Файл складено з використанням синтаксичний конструкцій у стилі ini, він " +"складається з розділів і окремих записів параметрів. Розділ починається з " +"рядка назви розділу у квадратних дужках і продовжується до початку нового " +"розділу. Приклад розділу з параметрами, які мають єдине і декілька значень: " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:36 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" +"Типами даних є рядок (без символів лапок), ціле число і булеве значення " +"(можливі два значення — <quote>TRUE</quote> і <quote>FALSE</quote>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:41 +msgid "" +"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" +"Рядок коментаря починається з символу решітки (<quote>#</quote>) або крапки " +"з комою (<quote>;</quote>). Підтримки вбудованих коментарів не передбачено." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:47 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" +"Для всіх розділів передбачено додатковий параметр <replaceable>description</" +"replaceable>. Його призначено лише для позначення розділу." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:53 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" +"<filename>sssd.conf</filename> має бути звичайним файлом, власником якого є " +"користувач root. Права на читання та запис до цього файла повинен мати лише " +"користувач root." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:59 +msgid "GENERAL OPTIONS" +msgstr "ЗАГАЛЬНІ ПАРАМЕТРИ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:61 +msgid "Following options are usable in more than one configuration sections." +msgstr "" +"Нижче наведено параметри, які можна використовувати у декількох розділах " +"налаштувань." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:65 +msgid "Options usable in all sections" +msgstr "Параметри, які можна використовувати у всіх розділах" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:69 +msgid "debug_level (integer)" +msgstr "debug_level (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:73 +msgid "debug_timestamps (bool)" +msgstr "debug_timestamps (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:76 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" +"Додати часову позначку до діагностичних повідомлень. Якщо для запису " +"діагностичного журналу у SSSD увімкнено journald, цей параметр буде " +"проігноровано." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:81 sssd.conf.5.xml:634 sssd.conf.5.xml:1139 +#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464 +#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272 +#: sssd-ad.5.xml:799 sssd-ad.5.xml:918 sssd-krb5.5.xml:499 +msgid "Default: true" +msgstr "Типове значення: true" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:86 +msgid "debug_microseconds (bool)" +msgstr "debug_microseconds (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:89 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" +"Додати значення мікросекунд до часової позначки у діагностичних " +"повідомлення. Якщо для запису діагностичного журналу у SSSD увімкнено " +"journald, цей параметр буде проігноровано." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:94 sssd.conf.5.xml:1093 sssd.conf.5.xml:2231 +#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558 +#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139 +#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266 +#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 +msgid "Default: false" +msgstr "Типове значення: false" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2189 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:103 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "Параметри які можна використовувати у розділах SERVICE та DOMAIN" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:107 +msgid "timeout (integer)" +msgstr "timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:110 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests." +msgstr "" +"Проміжок у секундах між циклами роботи цієї служби. Використовується для " +"перевірки працездатності процесу та його змоги відповідати на запити." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:115 sssd.conf.5.xml:1057 sssd-ldap.5.xml:1410 +#: include/ldap_id_mapping.xml:264 +msgid "Default: 10" +msgstr "Типове значення: 10" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:125 +msgid "SPECIAL SECTIONS" +msgstr "ОСОБЛИВІ РОЗДІЛИ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:128 +msgid "The [sssd] section" +msgstr "Розділ [sssd]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:137 sssd.conf.5.xml:2339 +msgid "Section parameters" +msgstr "Параметри розділу" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:139 +msgid "config_file_version (integer)" +msgstr "config_file_version (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:142 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" +"Визначає версію синтаксичних конструкцій файла налаштування. Для версій SSSD " +"0.6.0 та пізніших слід використовувати версію 2." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:148 +msgid "services" +msgstr "services" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:151 +msgid "" +"Comma separated list of services that are started when sssd itself starts." +msgstr "" +"Список служб, записи якого відокремлено комами, які слід запускати у разі " +"запуску sssd." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:155 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" +"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" +"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>" +msgstr "" +"Підтримувані служби: nss, pam <phrase condition=\"with_sudo\">, sudo</" +"phrase> <phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder" +"\">, pac</phrase> <phrase condition=\"with_ifp\">, ifp</phrase>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:165 sssd.conf.5.xml:419 +msgid "reconnection_retries (integer)" +msgstr "reconnection_retries (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:168 sssd.conf.5.xml:422 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" +"Кількість повторних спроб встановлення зв’язку зі службами або їх " +"перезапуску у разі аварійного завершення роботи інструменту надання даних до " +"визнання подальших спроб безнадійними." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:173 sssd.conf.5.xml:427 +msgid "Default: 3" +msgstr "Типове значення: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:178 +msgid "domains" +msgstr "domains" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:181 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter described the list of domains in the order you want " +"them to be queried. A domain name should only consist of alphanumeric ASCII " +"characters, dashes, dots and underscores." +msgstr "" +"Домен — це база даних, у якій містяться дані щодо користувачів. SSSD може " +"одночасно використовувати декілька доменів. Вам слід вказати принаймні один " +"домен, інакше SSSD просто не запуститься. За допомогою цього параметра можна " +"вказати список доменів, впорядкованих за пріоритетністю під час надсилання " +"до них запитів щодо даних. Назва домену має складатися лише з літер і цифр " +"ASCII, дефісів, крапок та знаків підкреслювання." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:193 sssd.conf.5.xml:2014 +msgid "re_expression (string)" +msgstr "re_expression (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" +"Типовий формальний вираз, який описує спосіб поділу рядка з іменем " +"користувача і доменом на його частини." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:201 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN " +"SECTIONS for more info on these regular expressions." +msgstr "" +"Для кожного з доменів можна налаштувати окремий формальний вираз. Для деяких " +"з засобів надання ідентифікаторів передбачено типові формальні вирази. " +"Докладніше про ці формальні вирази можна дізнатися з довідки до РОЗДІЛІВ " +"ДОМЕНІВ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:210 sssd.conf.5.xml:2065 +msgid "full_name_format (string)" +msgstr "full_name_format (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:213 sssd.conf.5.xml:2068 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" +"Сумісний з <citerefentry> <refentrytitle>printf</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> формат, який описує спосіб " +"створення повного імені на основі імені користувача та компонентів назви " +"домену." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:224 sssd.conf.5.xml:2079 +msgid "%1$s" +msgstr "%1$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:225 sssd.conf.5.xml:2080 +msgid "user name" +msgstr "ім’я користувача" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:228 sssd.conf.5.xml:2083 +msgid "%2$s" +msgstr "%2$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:231 sssd.conf.5.xml:2086 +msgid "domain name as specified in the SSSD config file." +msgstr "назва домену у форматі, вказаному у файлі налаштувань SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:237 sssd.conf.5.xml:2092 +msgid "%3$s" +msgstr "%3$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:240 sssd.conf.5.xml:2095 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" +"проста назва домену. Здебільшого використовується для доменів Active " +"Directory, налаштованих та автоматично виявлених за зв’язками довіри IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:221 sssd.conf.5.xml:2076 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"Передбачено використання таких замінників: <placeholder type=\"variablelist" +"\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:250 +msgid "" +"Each domain can have an individual format string configured. see DOMAIN " +"SECTIONS for more info on this option." +msgstr "" +"Для кожного з доменів можна налаштувати окремий рядок формату. Докладніше " +"про ці рядки можна дізнатися з довідки до РОЗДІЛІВ ДОМЕНІВ." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:256 +msgid "try_inotify (boolean)" +msgstr "try_inotify (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:259 +msgid "" +"SSSD monitors the state of resolv.conf to identify when it needs to update " +"its internal DNS resolver. By default, we will attempt to use inotify for " +"this, and will fall back to polling resolv.conf every five seconds if " +"inotify cannot be used." +msgstr "" +"SSSD спостерігає за станом resolv.conf для визначення моменту, коли слід " +"оновити дані вбудованого інструменту визначення DNS. Типово, з цією метою " +"використовується inotify. У разі неможливості використання inotify, " +"виконуватиметься опитування resolv.conf кожні п’ять секунд." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:267 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" +"Зрідка бажано не вдаватися навіть до спроб скористатися inotify. У цих " +"рідкісних випадках слід встановити для цього параметра значення «false»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:273 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" +"Типове значення: «true» на платформах, де підтримується inotify. «false» на " +"інших платформах." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:277 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" +"Зауваження: цей параметр ні на що не вплине на платформах, де inotify " +"недоступний. На цих платформах завжди використовуватиметься безпосереднє " +"опитування файла." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:284 +msgid "krb5_rcache_dir (string)" +msgstr "krb5_rcache_dir (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:287 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" +"Каталог у файловій системі, де SSSD має зберігати файли кешу відтворення " +"Kerberos." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:291 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" +"Цей параметр приймає особливе значення __LIBKRB5_DEFAULTS__, за допомогою " +"якого можна наказати SSSD надати змогу libkrb5 визначити відповідну адресу " +"для кешу відтворення." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:297 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" +"Типове значення: визначається дистрибутивом та вказується під час збирання. " +"(__LIBKRB5_DEFAULTS__, якщо не вказано)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 +msgid "user (string)" +msgstr "user (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user." +msgstr "" +"Користувач, правами доступу якого слід користуватися там, де це є доречним, " +"щоб уникнути роботи від імені користувача root." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:312 +msgid "Default: not set, process will run as root" +msgstr "Типове значення: не встановлено, процес буде запущено від імені root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:317 +msgid "default_domain_suffix (string)" +msgstr "default_domain_suffix (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:320 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" +"Цей рядок буде використано як типову назву домену для всіх назв без " +"компонента назви домену. Основним призначенням використання цього рядка є " +"середовища, де основний домен призначено для керування правилами вузлів та " +"всіма користувачами, розташованими на надійному (довіреному) домені. За " +"допомогою цього параметра користувачі можуть входити до системи за допомогою " +"лише імені користувача без додавання до нього назви домену." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:330 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False." +msgstr "" +"Будь ласка, зауважте, що якщо встановлено цей параметр, для усіх " +"користувачів із основного домену доведеться використовувати ім’я повністю, " +"тобто користувач@назва.домену, для входу до системи. Встановлення цього " +"параметра змінює типове значення use_fully_qualified_names на True. Цей " +"параметр не можна використовувати у поєднанні із значенням " +"use_fully_qualified_names рівним False." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498 +#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:609 +#: sssd-ad.5.xml:679 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550 +#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216 +msgid "Default: not set" +msgstr "Типове значення: not set" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:344 +msgid "override_space (string)" +msgstr "override_space (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:347 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" +"За допомогою цього параметра можна змінити пробіли у іменах користувачів та " +"назвах груп вказаним симовлом, наприклад _. Ім’я користувача «john doe» буде " +"перетворено на «john_doe». Цю можливість було додано для сумісності із " +"скриптами командної оболонки, у яких виникають проблеми із обробкою пробілів " +"через типовий роздільник полів у оболонці." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:356 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" +"Будь ласка, зауважте, що використання символу-замінника, який може бути " +"використано у іменах користувачів і назвах груп, є помилкою у налаштуваннях. " +"Якщо назва містить символ-замінник, SSSD спробує повернути незмінену назву, " +"але, загалом, результат пошуку буде невизначеним." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:364 +msgid "Default: not set (spaces will not be replaced)" +msgstr "Типове значення: не встановлено (пробіли не замінятимуться)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:369 +#, fuzzy +#| msgid "ldap_user_certificate (string)" +msgid "certificate_verification (string)" +msgstr "ldap_user_certificate (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:377 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:379 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +#, fuzzy +#| msgid "" +#| "Treat user and group names as case sensitive. At the moment, this option " +#| "is not supported in the local provider. Possible option values are: " +#| "<placeholder type=\"variablelist\" id=\"0\"/>" +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" +"Враховувати регістр записів імен користувачів та назв груп. У поточній " +"версії підтримку передбачено лише для локальних надавачів даних. Можливі " +"значення параметра: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:389 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +#, fuzzy +#| msgid "Default: not set, i.e. service discovery is disabled" +msgid "Default: not set, i.e. do not restrict certificate vertification" +msgstr "Типове значення: не встановлено, тобто пошук служб вимкнено" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:130 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" +"Окремі функції у SSSD виконуються особливими службами SSSD, які запускаються " +"і зупиняються разом SSSD. Ці служби керуються окремою службою, яку часто " +"називають «монітором». Розділ <quote>[sssd]</quote> використовується для " +"налаштування монітора та деяких інших важливих параметрів, зокрема доменів " +"профілів. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:404 +msgid "SERVICES SECTIONS" +msgstr "РОЗДІЛИ СЛУЖБ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:406 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" +"У цьому розділі описано параметри, якими можна скористатися для налаштування " +"різноманітних служб. Ці параметри має бути зібрано у розділах з назвами " +"[<replaceable>$NAME</replaceable>]. Наприклад, параметри служби NSS зібрано " +"у розділі <quote>[nss]</quote>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:413 +msgid "General service configuration options" +msgstr "Загальні параметри налаштування служб" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:415 +msgid "These options can be used to configure any service." +msgstr "Цими параметрами можна скористатися для налаштування будь-яких служб." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:432 +msgid "fd_limit" +msgstr "fd_limit" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:435 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" +"За допомогою цього параметра можна визначити максимальну кількість " +"дескрипторів файлів, які одночасно може бути відкрито цим процесом SSSD. У " +"системах, де SSSD надано можливості CAP_SYS_RESOURCE, цей параметр " +"використовуватиметься незалежно від інших параметрів системи. У системах без " +"цієї можливості, кількість дескрипторів визначатиметься найменшим зі значень " +"цього параметра і обмеженням \"hard\" у limits.conf." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:444 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "Типове значення: 8192 (або обмеження у limits.conf \"hard\")" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:449 +msgid "client_idle_timeout" +msgstr "client_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:452 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system." +msgstr "" +"За допомогою цього параметра можна визначити кількість секунд, протягом яких " +"клієнтська частина SSSD може утримувати дескриптор файла без здійснення за " +"його допомогою обміну даними. Таке обмеження потрібне для того, щоб уникнути " +"вичерпання ресурсів системи." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:459 sssd.conf.5.xml:475 sssd.conf.5.xml:507 +#: sssd.conf.5.xml:765 sssd.conf.5.xml:957 sssd.conf.5.xml:1347 +#: sssd-ldap.5.xml:1237 +msgid "Default: 60" +msgstr "Типове значення: 60" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:464 sssd.conf.5.xml:1336 +msgid "force_timeout (integer)" +msgstr "force_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:467 sssd.conf.5.xml:1339 +msgid "" +"If a service is not responding to ping checks (see the <quote>timeout</" +"quote> option), it is first sent the SIGTERM signal that instructs it to " +"quit gracefully. If the service does not terminate after " +"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " +"by sending a SIGKILL signal." +msgstr "" +"Якщо служба не відповідає на перевірки луна-імпульсом (пінгом) (див. " +"параметр <quote>timeout</quote>), система спочатку надсилає сигнал SIGTERM, " +"яким наказує службі завершити роботу у штатному режимі. Якщо служба не " +"завершить роботу протягом часу, визначено параметром <quote>force_timeout</" +"quote> у секундах, монітор примусово завершить роботу служби надсиланням " +"сигналу SIGKILL." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:480 +msgid "offline_timeout (integer)" +msgstr "offline_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:483 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. This " +"value is in seconds and calculated by the following:" +msgstr "" +"Коли SSSD перемикається на автономний режим роботи, час, який має минути, " +"перш ніж буде здійснено спробу повернутися до режиму у мережі, " +"збільшуватиметься, відповідно до часу, проведеного у режимі від’єднання. Це " +"значення вказується у секундах і обчислюється за такою формулою:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:490 +msgid "offline_timeout + random_offset" +msgstr "час_очікування_для_переходу_у_автономний_режим + випадковий_зсув" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "" +"The random offset can increment up to 30 seconds. After each unsuccessful " +"attempt to go online, the new interval is recalculated by the following:" +msgstr "" +"Випадковий зсув може збільшувати час на інтервал до 30 секунд. Після кожної " +"невдалої спроби переходу до режиму у мережі новий інтервал часу обчислюється " +"таким чином:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:498 +msgid "new_interval = old_interval*2 + random_offset" +msgstr "новий_інтервал = старий_інтервал*2 + випадковий_зсув" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"Note that the maximum length of each interval is currently limited to one " +"hour. If the calculated length of new_interval is greater than an hour, it " +"will be forced to one hour." +msgstr "" +"Зауважте, що максимальна тривалість кожного з інтервалів у поточній версії " +"обмежено однією годиною. Якщо обчислена тривалість нового інтервалу " +"перевищує годину, буде встановлено інтервал у одну годину." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:512 +msgid "subdomain_inherit (string)" +msgstr "subdomain_inherit (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:515 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" +"Визначає список параметрів налаштування, які слід успадковувати для " +"піддомену. Будь ласка, зауважте, що успадковуватимуться лише вказані " +"параметри. У поточній версії передбачено можливість успадковування таких " +"параметрів:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:521 +msgid "ignore_group_members" +msgstr "ignore_group_members" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:524 +msgid "ldap_purge_cache_timeout" +msgstr "ldap_purge_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:527 sssd-ldap.5.xml:1054 +msgid "ldap_use_tokengroups" +msgstr "ldap_use_tokengroups" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "ldap_user_principal" +msgstr "ldap_user_principal" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:535 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:533 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "Приклад: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:539 sssd.conf.5.xml:1001 sssd.conf.5.xml:1026 +#: sssd.conf.5.xml:1045 sssd.conf.5.xml:1330 sssd-ldap.5.xml:1793 +msgid "Default: none" +msgstr "Типове значення: none" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:547 +msgid "NSS configuration options" +msgstr "Параметри налаштування NSS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:549 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" +"Цими параметрами можна скористатися для налаштування служби Name Service " +"Switch (NSS або перемикання служби визначення назв)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "enum_cache_timeout (integer)" +msgstr "enum_cache_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:557 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" +"Тривалість зберігання переліків (запитів щодо даних всіх користувачів) у " +"кеші nss_sss у секундах" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:561 +msgid "Default: 120" +msgstr "Типове значення: 120" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:566 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "entry_cache_nowait_percentage (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:569 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" +"Можна встановити кеш записів для автоматичного оновлення записів у фоновому " +"режимі, якщо запит щодо них надходить у визначений у відсотках від " +"entry_cache_timeout для домену період часу." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:575 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" +"Наприклад, якщо entry_cache_timeout домену встановлено у значення 30s, а " +"entry_cache_nowait_percentage — у значення 50 (у відсотках), записи, які " +"надійдуть за 15 секунд після останнього оновлення кешу, буде повернуто " +"одразу, але SSSD оновить власний кеш, отже наступні запити очікуватимуть на " +"розблокування після оновлення кешу." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:585 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" +"Коректними значеннями цього параметра є 0-99. Ці значення відповідають " +"відсоткам entry_cache_timeout для кожного з доменів. З міркувань покращення " +"швидкодії це відсоткове значення ніколи не зменшуватиме час очікування " +"nowait до значення, меншого за 10 секунд. Визначення значення 0 вимкне цю " +"можливість." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:593 +msgid "Default: 50" +msgstr "Типове значення: 50" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:598 +msgid "entry_negative_timeout (integer)" +msgstr "entry_negative_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:601 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"Визначає кількість секунд, протягом яких nss_sss має кешувати негативні " +"результати пошуку у кеші (тобто запити щодо некоректних записів у базі " +"даних, зокрема неіснуючих) перед повторним запитом до сервера обробки." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:607 sssd.conf.5.xml:1117 +msgid "Default: 15" +msgstr "Типове значення: 15" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:612 +msgid "filter_users, filter_groups (string)" +msgstr "filter_users, filter_groups (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:615 +msgid "" +"Exclude certain users from being fetched from the sss NSS database. This is " +"particularly useful for system accounts. This option can also be set per-" +"domain or include fully-qualified names to filter only users from the " +"particular domain." +msgstr "" +"Виключити певних користувачів зі списку отримання даних з бази даних NSS " +"sss. Таке виключення може бути корисним для облікових записів керування " +"системою. Цей параметр також можна встановлювати для кожного з доменів " +"окремо або включити до нього імена користувачів повністю для обмеження " +"списку користувачами лише з певного домену." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:622 +msgid "Default: root" +msgstr "Типове значення: root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:627 +msgid "filter_users_in_groups (bool)" +msgstr "filter_users_in_groups (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:630 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" +"Якщо ви хочете, щоб фільтровані користувачі залишалися учасниками груп, " +"встановіть для цього параметра значення «false»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:641 +msgid "fallback_homedir (string)" +msgstr "fallback_homedir (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:644 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" +"Встановити типовий шаблон назви домашнього каталогу користувача, якщо цей " +"каталог не вказано явним чином засобом надання даних домену." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:649 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" +"Можливі варіанти значень для цього параметра збігаються з варіантами значень " +"для параметра override_homedir." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:655 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" +"fallback_homedir = /home/%u\n" +" " + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:653 sssd.conf.5.xml:1020 sssd.conf.5.xml:1039 +#: sssd-krb5.5.xml:533 include/override_homedir.xml:55 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "приклад: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:659 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" +"Типове значення: не встановлено (без замін для невстановлених домашніх " +"каталогів)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:665 +msgid "override_shell (string)" +msgstr "override_shell (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:668 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" +"Перевизначити командну оболонку входу до системи для усіх користувачів. Цей " +"параметр має пріоритет над будь-якими іншими параметрами визначення " +"командної оболонки, якщо він діє. Його можна встановити або у розділі [nss] " +"або для кожного з доменів окремо." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:674 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" +"Типове значення: не встановлено (SSSD використовуватиме значення, отримане " +"від LDAP)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:680 +msgid "allowed_shells (string)" +msgstr "allowed_shells (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:683 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" +"Обмежити перелік можливих командних оболонок користувачів вказаними. Порядок " +"визначення оболонки є таким:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:686 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" +"1. Якщо оболонку вказано у <quote>/etc/shells</quote>, її буде використано." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:690 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" +"2. Якщо оболонку вказано у списку allowed_shells, але її немає у списку " +"<quote>/etc/shells</quote>, буде використано значення параметра " +"shell_fallback." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:695 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" +"3. Якщо оболонку не вказано у списку allowed_shells і її немає у списку " +"<quote>/etc/shells</quote>, буде використано оболонку nologin." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" +"Для визначення будь-якої командної оболонки можна скористатися шаблоном " +"заміни (*)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:703 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" +"Значенням (*) варто користуватися, якщо ви хочете скористатися " +"shell_fallback, коли командної оболонки користувача немає у «/etc/shells», а " +"супровід списку усіх командних оболонок у allowed_shells є надто марудною " +"справою." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:710 +msgid "An empty string for shell is passed as-is to libc." +msgstr "Порожній рядок оболонки буде передано без обробки до libc." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:713 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" +"Читання <quote>/etc/shells</quote> виконується лише під час запуску SSSD, " +"тобто у разі встановлення нової оболонки слід перезапустити SSSD." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:717 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" +"Типове значення: не встановлено. Автоматично використовується оболонка " +"користувача." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:722 +msgid "vetoed_shells (string)" +msgstr "vetoed_shells (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:725 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "Замінити всі записи цих оболонок на shell_fallback" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:730 +msgid "shell_fallback (string)" +msgstr "shell_fallback (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:733 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" +"Типова оболонка, яку слід використовувати, якщо дозволеної оболонки у " +"системі не встановлено." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "Default: /bin/sh" +msgstr "Типове значення: /bin/sh" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +msgid "default_shell" +msgstr "default_shell" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:745 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" +"Типова командна оболонка, яку буде використано, якщо засобом надання даних " +"не було повернуто назви оболонки під час пошуку. Цей параметр можна вказати " +"або на загальному рівні у розділі [nss], або окремо для кожного з доменів." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:751 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" +"Типове значення: не встановлено (повернути NULL, якщо оболонку не " +"встановлено і покластися на libc у визначенні потрібного програмі значення, " +"зазвичай /bin/sh)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:758 sssd.conf.5.xml:950 +msgid "get_domains_timeout (int)" +msgstr "get_domains_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:761 sssd.conf.5.xml:953 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" +"Визначає час у секундах, протягом якого список піддоменів вважатиметься " +"чинним." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:770 +msgid "memcache_timeout (int)" +msgstr "memcache_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:773 +#, fuzzy +#| msgid "" +#| "Specifies time in seconds for which records in the in-memory cache will " +#| "be valid" +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid." +msgstr "" +"Визначає час у секундах, протягом якого список піддоменів вважатиметься " +"чинним." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:777 sssd-ldap.5.xml:706 +msgid "Default: 300" +msgstr "Типове значення: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:780 +#, fuzzy +#| msgid "" +#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +#| "applications will not use the fast in memory cache." +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" +"Якщо для змінної середовища SSS_NSS_USE_MEMCACHE встановлено значення «NO», " +"клієнтські програми не використовуватимуть fast у кеші у пам’яті." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:788 sssd-ifp.5.xml:74 +msgid "user_attributes (string)" +msgstr "user_attributes (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:791 +#, fuzzy +#| msgid "" +#| "Some of the additional NSS responder requests can return more attributes " +#| "than just the POSIX ones defined by the NSS interface. The list of " +#| "attributes is controlled by this option. It is handle the same way as the " +#| "<quote>user_attributes</quote> option of the InfoPipe responder (see " +#| "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> for details) but with no default values." +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" +"Деякі із додаткових запитів до відповідача NSS можуть повертати більшу " +"кількість атрибутів, ніж це визначено POSIX для інтерфейсу NSS. Списком " +"атрибутів можна керувати за допомогою цього параметра. Обробка виконується у " +"той самий спосіб, що і для параметра «user_attributes» відповідача InfoPipe " +"(див. <citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, щоб дізнатися більше), але без типових значень." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:804 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" +"Щоб полегшити налаштовування відповідач NSS перевірятиме параметр InfoPipe " +"на те, чи не встановлено його для відповідача NSS." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" +"Типове значення: не встановлено, резервне значення визначається за " +"параметром InfoPipe" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:816 +msgid "PAM configuration options" +msgstr "Параметри налаштування PAM" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:818 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" +"Цими параметрами можна скористатися для налаштування служби Pluggable " +"Authentication Module (PAM або блокового модуля розпізнавання)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:823 +msgid "offline_credentials_expiration (integer)" +msgstr "offline_credentials_expiration (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" +"У разі неможливості встановлення з’єднання з сервером розпізнавання визначає " +"тривалість зберігання кешованих входів (у днях з часу останнього успішного " +"входу до системи)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:831 sssd.conf.5.xml:844 +msgid "Default: 0 (No limit)" +msgstr "Типове значення: 0 (без обмежень)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:837 +msgid "offline_failed_login_attempts (integer)" +msgstr "offline_failed_login_attempts (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:840 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" +"У разі неможливості встановлення з’єднання з сервером розпізнавання визначає " +"дозволену кількість спроб входу з визначенням помилкового пароля." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:850 +msgid "offline_failed_login_delay (integer)" +msgstr "offline_failed_login_delay (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:853 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" +"Час у хвилинах, який має пройти між досягненням значення " +"offline_failed_login_attempts і повторним вмиканням можливості входу до " +"системи." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" +"Якщо встановлено значення 0, користувач не зможе пройти розпізнавання у " +"автономному режимі, якщо буде досягнуто значення " +"offline_failed_login_attempts. Лише успішне розпізнавання може знову " +"увімкнути можливість автономного розпізнавання." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:864 sssd.conf.5.xml:917 +msgid "Default: 5" +msgstr "Типове значення: 5" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:870 +msgid "pam_verbosity (integer)" +msgstr "pam_verbosity (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:873 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" +"Керує типами повідомлень, які буде показано користувачеві під час " +"розпізнавання. Чим більшим є значення, тим більше повідомлень буде показано." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "Currently sssd supports the following values:" +msgstr "У поточній версії sssd передбачено підтримку таких значень:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:881 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "<emphasis>0</emphasis>: не показувати жодних повідомлень" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "<emphasis>1</emphasis>: показувати лише важливі повідомлення" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:888 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "<emphasis>2</emphasis>: показувати всі інформаційні повідомлення" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:891 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" +"<emphasis>3</emphasis>: показувати всі повідомлення та діагностичні дані" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:895 sssd.8.xml:63 +msgid "Default: 1" +msgstr "Типове значення: 1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:900 +msgid "pam_id_timeout (integer)" +msgstr "pam_id_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:903 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" +"Для кожного з запитів PAM під час роботи SSSD система SSSD зробить спробу " +"негайно оновити кешовані дані щодо профілю користувача з метою переконатися, " +"що розпізнавання виконується на основі найсвіжіших даних." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" +"Повний обмін даними сеансу PAM може включати декілька запитів PAM, зокрема " +"для керування обліковими записами та відкриття сеансів. За допомогою цього " +"параметра можна керувати (для окремих клієнтів-програм) тривалістю (у " +"секундах) кешування даних профілю з метою уникнути повторних викликів засобу " +"надання даних профілів." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:923 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "pam_pwd_expiration_warning (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:926 sssd.conf.5.xml:1550 +msgid "Display a warning N days before the password expires." +msgstr "" +"Показати попередження за вказану кількість днів перед завершенням дії пароля." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:929 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" +"Будь ласка, зауважте, що сервер обробки має надати дані щодо часу завершення " +"дії пароля. Якщо ці дані не буде виявлено, sssd не зможе показати " +"попередження." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:935 sssd.conf.5.xml:1553 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" +"Якщо встановлено нульове значення, цей фільтр не застосовуватиметься, тобто " +"якщо з сервера обробки надійде попередження щодо завершення строку дії, його " +"буде автоматично показано." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:940 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" +"Цей параметр може бути перевизначено встановленням параметра " +"<emphasis>pwd_expiration_warning</emphasis> для окремого домену." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 sssd.conf.5.xml:2291 sssd.8.xml:79 +msgid "Default: 0" +msgstr "Типове значення: 0" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:962 +msgid "pam_trusted_users (string)" +msgstr "pam_trusted_users (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:965 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAM responder. User names are resolved to UIDs at " +"startup." +msgstr "" +"Визначає список значень UID або імен користувачів, відокремлених комами. \n" +"Користувачам з цього списку буде дозволено доступ до відповідача PAM. UID " +"за \n" +"іменами користувачів визначатимуться під час запуску." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:971 +msgid "Default: all (All users are allowed to access the PAM responder)" +msgstr "" +"Типове значення: all (Доступ до відповідача PAM отримують усі користувачі)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:975 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" +"Будь ласка, зауважте, що користувачеві з UID 0 завжди мають доступ до " +"відповідача PAM, навіть якщо користувача немає у списку pam_trusted_users." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:982 +msgid "pam_public_domains (string)" +msgstr "pam_public_domains (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:985 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" +"Визначає список назв доменів, відокремлених комами, доступ до яких можуть " +"отримувати навіть ненадійні користувачі." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:989 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "Визначено два спеціальних значення параметра pam_public_domains:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:993 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" +"all (Ненадійним користувачам відкрито доступ до усіх доменів у відповідачі " +"PAM.)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:997 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" +"none (Ненадійним користувачам заборонено доступ до усіх доменів PAM у " +"відповідачі.)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1006 +msgid "pam_account_expired_message (string)" +msgstr "pam_account_expired_message (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1009 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbostiy is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1022 +#, fuzzy, no-wrap +#| msgid "" +#| "pam_account_expired_message = Account expired, please call help desk.\n" +#| " " +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" +"pam_account_expired_message = Account expired, please call help desk.\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1031 +#, fuzzy +#| msgid "pam_account_expired_message (string)" +msgid "pam_account_locked_message (string)" +msgstr "pam_account_expired_message (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1041 +#, fuzzy, no-wrap +#| msgid "" +#| "pam_account_expired_message = Account expired, please call help desk.\n" +#| " " +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" +"pam_account_expired_message = Account expired, please call help desk.\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1050 +#, fuzzy +#| msgid "pam_id_timeout (integer)" +msgid "p11_child_timeout (integer)" +msgstr "pam_id_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1053 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1066 +msgid "SUDO configuration options" +msgstr "Параметри налаштування SUDO" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1068 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Цими параметрами можна скористатися для налаштовування служби sudo. Докладні " +"настанови щодо налаштовування <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> на роботу з " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> можна знайти на сторінці довідника <citerefentry> " +"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1085 +msgid "sudo_timed (bool)" +msgstr "sudo_timed (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1088 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" +"Визначає, чи слід обробляти атрибути sudoNotBefore і sudoNotAfter, " +"призначені для визначення часових обмежень для записів sudoers." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1101 +msgid "AUTOFS configuration options" +msgstr "Параметри налаштування AUTOFS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1103 +msgid "These options can be used to configure the autofs service." +msgstr "Цими параметрами можна скористатися для налаштування служби autofs." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1107 +msgid "autofs_negative_timeout (integer)" +msgstr "autofs_negative_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"Визначає кількість секунд, протягом яких відповідач autofs має кешувати " +"негативні результати пошуку у кеші (тобто запити щодо некоректних записів у " +"базі даних, зокрема неіснуючих) перед повторним запитом до сервера обробки." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1126 +msgid "SSH configuration options" +msgstr "Параметри налаштувань SSH" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1128 +msgid "These options can be used to configure the SSH service." +msgstr "Цими параметрами можна скористатися для налаштування служби SSH." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1132 +msgid "ssh_hash_known_hosts (bool)" +msgstr "ssh_hash_known_hosts (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1135 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" +"Чи слід хешувати назви та адреси вузлів у керованому файлі known_hosts." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1144 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "ssh_known_hosts_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1147 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" +"Кількість секунд, протягом яких запису вузла зберігатиметься у керованому " +"файлі known_hosts після надсилання запиту щодо ключів вузла." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1151 +msgid "Default: 180" +msgstr "Типове значення: 180" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1156 +#, fuzzy +#| msgid "mail_dir (string)" +msgid "ca_db (string)" +msgstr "mail_dir (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1159 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1164 +#, fuzzy +#| msgid "Default: /etc/krb5.keytab" +msgid "Default: /etc/pki/nssdb" +msgstr "Типове значення: /etc/krb5.keytab" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1172 +msgid "PAC responder configuration options" +msgstr "Параметри налаштування відповідача PAC" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1174 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. " +"If the PAC is decoded and evaluated some of the following operations are " +"done:" +msgstr "" +"Відповідач PAC працює разом з додатком даних уповноваження для " +"sssd_pac_plugin.so зі складу MIT Kerberos та засобу надання даних " +"піддоменів. Цей додаток надсилає до відповідача PAC дані PAC під час " +"розпізнавання за допомогою GSSAPI. Засіб надання даних піддоменів збирає " +"дані щодо діапазонів SID і ID домену, до якого долучено клієнт, та " +"віддалених надійних доменів з локального контролера доменів. Якщо PAC " +"декодовано і визначено, виконуються деякі з таких дій:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1183 +msgid "" +"If the remote user does not exist in the cache, it is created. The uid is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"gid will have the same value as the uid. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" +"Якщо у кеші немає даних віддаленого користувача, запис цих даних буде " +"створено. UID буде визначено за допомогою SID, надійні домени матимуть UPG, " +"а gid матиме те саме значення, що і UID. Дані домашнього каталогу буде " +"засновано на значенні параметра subdomain_homedir. Типово, для командної " +"оболонки буде вибрано порожнє значення, тобто використовуватимуться типові " +"параметри системи. Значення для оболонки можна змінити за допомогою " +"параметра default_shell." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1191 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" +"Якщо існують SID груп з доменів, про які відомо SSSD, запис користувача буде " +"додано до цих груп." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1197 +msgid "These options can be used to configure the PAC responder." +msgstr "" +"Цими параметрами можна скористатися для налаштовування відповідача PAC." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1201 sssd-ifp.5.xml:50 +msgid "allowed_uids (string)" +msgstr "allowed_uids (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1204 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" +"Визначає список значень UID або імен користувачів, відокремлених комами. " +"Користувачам з цього списку буде дозволено доступ до відповідача PAC. UID за " +"іменами користувачів визначатимуться під час запуску." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1210 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" +"Типове значення: 0 (доступ до відповідача PAC має лише адміністративний " +"користувач (root))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1214 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" +"Будь ласка, зауважте, що хоча типово використовується UID 0, значення UID " +"буде перевизначено на основі цього параметра. Якщо ви хочете надати " +"адміністративному користувачеві (root) доступ до відповідача PAC, що може " +"бути типовим варіантом, вам слід додати до списку UID з правами доступу " +"запис 0." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:1228 +msgid "DOMAIN SECTIONS" +msgstr "РОЗДІЛИ ДОМЕНІВ" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1235 +msgid "min_id,max_id (integer)" +msgstr "min_id,max_id (ціле значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1238 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" +"Обмеження UID і GID для домену. Якщо у домені міститься запис, що не " +"відповідає цим обмеженням, його буде проігноровано." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" +"Для користувачів зміна цього параметра вплине на основне обмеження GID. " +"Запис користувача не буде повернуто до NSS, якщо UID або основний GID не " +"належать вказаному діапазону. Записи користувачів, які не є учасниками " +"основної групи і належать діапазону, буде виведено у звичайному режимі." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1250 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" +"Ці обмеження на ідентифікатори стосуються і збереження записів до кешу, не " +"лише повернення записів за назвою або ідентифікатором." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1254 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "Типові значення: 1 для min_id, 0 (без обмежень) для max_id" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1260 +msgid "enumerate (bool)" +msgstr "enumerate (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1263 +msgid "" +"Determines if a domain can be enumerated. This parameter can have one of the " +"following values:" +msgstr "" +"Визначає, чи можна нумерувати домен. Цей параметр може мати одне з таких " +"значень:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1267 +msgid "TRUE = Users and groups are enumerated" +msgstr "TRUE = користувачі і групи нумеруються" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1270 +msgid "FALSE = No enumerations for this domain" +msgstr "FALSE = не використовувати нумерацію для цього домену" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1273 sssd.conf.5.xml:1505 sssd.conf.5.xml:1672 +msgid "Default: FALSE" +msgstr "Типове значення: FALSE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1276 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed." +msgstr "" +"Зауваження: вмикання нумерації помірно знизить швидкодію SSSD на час " +"виконання нумерації. Нумерація може тривати до декількох хвилин після " +"запуску SSSD. Протягом виконання нумерації окремі запити щодо даних буде " +"надіслано безпосередньо до LDAP, хоча і з уповільненням через навантаження " +"системи виконанням нумерації. Збереження великої кількості записів до кешу " +"після завершення нумерації може також значно навантажити процесор, оскільки " +"повторне визначення параметрів участі також іноді є складним завданням." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1289 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" +"Під час першого виконання нумерації запити щодо повних списків користувачів " +"та груп можуть не повертати жодних результатів, аж доки нумерацію не буде " +"завершено." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1294 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" +"Крім того, вмикання нумерації може збільшити час, потрібний для виявлення " +"того, що мережеве з’єднання розірвано, оскільки потрібне буде збільшення " +"часу очікування для забезпечення успішного завершення пошуків нумерації. Щоб " +"отримати додаткову інформацію, зверніться до сторінок довідника (man) " +"відповідного використаного засобу обробки ідентифікаторів (id_provider)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1302 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" +"З вказаних вище причин не рекомендуємо вам вмикати нумерацію, особливо у " +"об’ємних середовищах." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1310 +msgid "subdomain_enumerate (string)" +msgstr "subdomain_enumerate (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1317 +msgid "all" +msgstr "all" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1318 +msgid "All discovered trusted domains will be enumerated" +msgstr "Усі виявлені надійні домени буде пронумеровано" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1321 +msgid "none" +msgstr "none" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1322 +msgid "No discovered trusted domains will be enumerated" +msgstr "Нумерація виявлених надійних доменів не виконуватиметься" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1313 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" +"Визначає, чи слід нумерувати усі автоматично виявлені надійні (довірені) " +"домени. Підтримувані значення: <placeholder type=\"variablelist\" id=\"0\"/> " +"Якщо потрібно, можна вказати список з однієї або декількох назв надійних " +"доменів, для яких буде увімкнено нумерацію." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1353 +msgid "entry_cache_timeout (integer)" +msgstr "entry_cache_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1356 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" +"Кількість секунд, протягом яких nss_sss вважатиме записи чинними, перш ніж " +"надсилати повторний запит до сервера" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1360 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" +"Дані щодо часових позначок завершення строку дії записів кешу зберігаються " +"як атрибути окремих об’єктів у кеші. Тому зміна часу очікування на дані у " +"кеші впливає лише на нові записи та записи, строк дії яких вичерпано. Для " +"примусового оновлення записів, які вже було кешовано, вам слід запустити " +"програму <citerefentry> <refentrytitle>sss_cache</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1373 +msgid "Default: 5400" +msgstr "Типове значення: 5400" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1379 +msgid "entry_cache_user_timeout (integer)" +msgstr "entry_cache_user_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1382 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" +"Кількість секунд, протягом яких nss_sss вважатиме записи користувачів " +"чинними, перш ніж надсилати повторний запит до сервера" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1386 sssd.conf.5.xml:1399 sssd.conf.5.xml:1412 +#: sssd.conf.5.xml:1425 sssd.conf.5.xml:1438 sssd.conf.5.xml:1452 +#: sssd.conf.5.xml:1466 +msgid "Default: entry_cache_timeout" +msgstr "Типове значення: entry_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1392 +msgid "entry_cache_group_timeout (integer)" +msgstr "entry_cache_group_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1395 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" +"Кількість секунд, протягом яких nss_sss вважатиме записи груп чинними, перш " +"ніж надсилати повторний запит до сервера" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1405 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "entry_cache_netgroup_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1408 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" +"Кількість секунд, протягом яких nss_sss вважатиме записи мережевих груп " +"чинними, перш ніж надсилати повторний запит до сервера" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1418 +msgid "entry_cache_service_timeout (integer)" +msgstr "entry_cache_service_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1421 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" +"Кількість секунд, протягом яких nss_sss вважатиме записи служб чинними, перш " +"ніж надсилати повторний запит до сервера" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1431 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "entry_cache_sudo_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" +"Кількість секунд, протягом яких sudo вважатиме правила чинними, перш ніж " +"надсилати повторний запит до сервера" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1444 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "entry_cache_autofs_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1447 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" +"Кількість секунд, протягом яких служба autofs вважатиме карти автомонтування " +"чинними, перш ніж надсилати повторний запит до сервера" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1458 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "entry_cache_ssh_host_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" +"Кількість секунд, протягом яких слід зберігати ключ ssh вузла після " +"оновлення. Іншими словами, параметр визначає тривалість зберігання ключа " +"вузла у кеші." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1472 +msgid "refresh_expired_interval (integer)" +msgstr "refresh_expired_interval (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1475 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" +"Визначає кількість секунд, протягом яких SSSD має очікувати до запуску " +"завдання з оновлення у фоновому режимі записів кешу, строк дії яких " +"вичерпано або майже вичерпано." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1480 +msgid "" +"The background refresh will process users, groups and netgroups in the cache." +msgstr "" +"Під час фонового оновлення виконуватиметься обробка записів користувачів, " +"груп та мережевих груп у кеші." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1484 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" +"Варто визначити для цього параметра значення 3/4 * entry_cache_timeout." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1488 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227 +msgid "Default: 0 (disabled)" +msgstr "Типове значення: 0 (вимкнено)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1494 +msgid "cache_credentials (bool)" +msgstr "cache_credentials (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1497 +msgid "Determines if user credentials are also cached in the local LDB cache" +msgstr "" +"Визначає, чи слід також кешувати реєстраційні дані користувача у локальному " +"кеші LDB" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1501 +msgid "User credentials are stored in a SHA512 hash, not in plaintext" +msgstr "" +"Реєстраційні дані користувача зберігаються у форматі хешу SHA512, а не у " +"форматі звичайного тексту" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1511 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "cache_credentials_minimal_first_factor_length (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1514 +#, fuzzy +#| msgid "" +#| "If 2-Factor-Authentication (2FA) is used and credentials should be saved " +#| "this value determines the minimal lenght the first authentication factor " +#| "(long term password) must have to be saved as SHA512 hash into the cache." +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" +"Якщо використано двофакторне розпізнавання (2FA) і реєстраційні дані мають " +"зберігатися, це значення визначає мінімальну довжину першого фактора " +"розпізнавання (довготривалого пароля), який має бути збережено у форматі " +"контрольної суми SHA512 у кеші." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1521 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" +"Таким чином забезпечується уникнення випадку, коли короткі PIN-коди " +"заснованої на PIN-кодах схеми 2FA зберігаються у кеші, що робить їх простою " +"мішенню атак із перебиранням паролів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1526 +msgid "Default: 8" +msgstr "Типове значення: 8" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1532 +msgid "account_cache_expiration (integer)" +msgstr "account_cache_expiration (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1535 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" +"Кількість днів, протягом яких записи залишатимуться у кеші після успішного " +"входу до системи до вилучення під час спорожнення кешу. 0 — не вилучати " +"записи. Значення цього параметра має бути більшим або рівним значенню " +"offline_credentials_expiration." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1542 +msgid "Default: 0 (unlimited)" +msgstr "Типове значення: 0 (без обмежень)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1547 +msgid "pwd_expiration_warning (integer)" +msgstr "pwd_expiration_warning (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1558 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" +"Будь ласка, зауважте, що сервер обробки має надати дані щодо часу завершення " +"дії пароля. Якщо ці дані не буде виявлено, sssd не зможе показати " +"попередження. Крім того для цього сервера може бути вказано службу надання " +"даних розпізнавання." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1565 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "Типове значення: 7 (Kerberos), 0 (LDAP)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1571 +msgid "id_provider (string)" +msgstr "id_provider (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1574 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" +"Засіб надання даних ідентифікації, який використовується для цього домену. " +"Серед підтримуваних засобів такі:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1578 +msgid "<quote>proxy</quote>: Support a legacy NSS provider" +msgstr "«proxy»: підтримка застарілого модуля надання даних NSS" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1581 sssd.conf.5.xml:1718 +msgid "<quote>local</quote>: SSSD internal provider for local users" +msgstr "<quote>local</quote>: вбудований засіб SSSD для локальних користувачів" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1585 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" +"<quote>ldap</quote>: засіб LDAP. Докладніше про налаштовування LDAP можна " +"дізнатися з довідки до <citerefentry> <refentrytitle>sssd-ldap</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1593 sssd.conf.5.xml:1698 sssd.conf.5.xml:1753 +#: sssd.conf.5.xml:1806 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"FreeIPA." +msgstr "" +"<quote>ipa</quote>: засіб FreeIPA та керування профілями Red Hat Enterprise. " +"Докладніші відомості щодо налаштовування IPA викладено у довіднику з " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum></" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 sssd.conf.5.xml:1707 sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1815 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" +"<quote>ad</quote>: засіб Active Directory. Докладніші відомості щодо " +"налаштовування Active Directory викладено у довіднику з <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "use_fully_qualified_names (bool)" +msgstr "use_fully_qualified_names (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" +"Використовувати ім’я та домен повністю (у форматі, визначеному " +"full_name_format домену) як ім’я користувача у системі, що повідомляється " +"NSS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1621 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" +"Якщо встановлено значення TRUE, всі запити до цього домену мають " +"використовувати повні назви. Наприклад, якщо використано домен LOCAL, який " +"містить запис користувача «test» user, <command>getent passwd test</command> " +"не покаже користувача, а <command>getent passwd test@LOCAL</command> покаже." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1629 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" +"ЗАУВАЖЕННЯ: цей параметр не впливатиме на пошук у мережевих групах через " +"тенденцію до включення до таких груп вкладених мережевих груп. Для мережевих " +"груп, якщо задано неповну назву, буде виконано пошук у всіх доменах." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1636 +msgid "Default: FALSE (TRUE if default_domain_suffix is used)" +msgstr "Типове значення: FALSE (TRUE, якщо використано default_domain_suffix)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1642 +msgid "ignore_group_members (bool)" +msgstr "ignore_group_members (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "Do not return group members for group lookups." +msgstr "Не повертати записи учасників груп для пошуків груп." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1648 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" +"Якщо встановлено значення TRUE, сервер LDAP не запитуватиме дані щодо " +"атрибутів участі у групах, а списки учасників груп не повертаються під час " +"обробки запитів щодо пошуку груп, зокрема <citerefentry> " +"<refentrytitle>getgrnam</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry> або <citerefentry> <refentrytitle>getgrgid</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry>. Отже, <quote>getent group " +"$groupname</quote> поверне запитану групу так, наче вона була порожня." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1666 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" +"Вмикання цього параметра може також значно пришвидшити перевірки засобу " +"надання доступу для участі у групі, особливо для груп, у яких багато " +"учасників." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1677 +msgid "auth_provider (string)" +msgstr "auth_provider (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1680 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" +"Служба розпізнавання, яку використано для цього домену. Серед підтримуваних " +"служб розпізнавання:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 sssd.conf.5.xml:1746 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> — вбудоване розпізнавання LDAP. Докладніші відомості " +"щодо налаштовування LDAP викладено у довіднику з <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1691 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> — вбудоване розпізнавання Kerberos. Докладніші відомості " +"щодо налаштовування Kerberos викладено у довіднику з <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum></manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1715 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "<quote>proxy</quote> — трансльоване розпізнавання у іншій системі PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1722 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "<quote>none</quote> — вимкнути розпізнавання повністю." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1725 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" +"Типове значення: буде використано <quote>id_provider</quote>, якщо цей " +"спосіб встановлено і можлива обробка запитів щодо розпізнавання." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1731 +msgid "access_provider (string)" +msgstr "access_provider (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1734 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" +"Програма керування доступом для домену. Передбачено дві вбудованих програми " +"керування доступом (окрім всіх встановлених додаткових серверів). " +"Вбудованими програмами є:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1740 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" +"<quote>permit</quote> дозволяти доступ завжди. Єдиний дозволений засіб " +"доступу для локального домену." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1743 +msgid "<quote>deny</quote> always deny access." +msgstr "<quote>deny</quote> — завжди забороняти доступ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1770 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" +"<quote>simple</quote> — керування доступом на основі списків дозволу або " +"заборони. Докладніші відомості щодо налаштовування модуля доступу simple " +"можна знайти у довідці до <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1777 +msgid "Default: <quote>permit</quote>" +msgstr "Типове значення: <quote>permit</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1782 +msgid "chpass_provider (string)" +msgstr "chpass_provider (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1785 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" +"Система, яка має обробляти дії зі зміни паролів для домену. Передбачено " +"підтримку таких систем зміни паролів:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1790 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> — змінити пароль, що зберігається на сервері LDAP. " +"Докладніші відомості щодо налаштовування LDAP викладено у довіднику з " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1798 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> — змінити пароль Kerberos. Докладніші відомості щодо " +"налаштовування Kerberos викладено у довіднику з <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum></manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1823 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "<quote>proxy</quote> — трансльована зміна пароля у іншій системі PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1827 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "<quote>none</quote> — явно вимкнути можливість зміни пароля." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1830 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" +"Типове значення: використовується «auth_provider», якщо встановлено значення " +"цього параметра і якщо система здатна обробляти запити щодо паролів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1837 +msgid "sudo_provider (string)" +msgstr "sudo_provider (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1840 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" +"Служба SUDO, яку використано для цього домену. Серед підтримуваних служб " +"SUDO:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1844 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> для правил, що зберігаються у LDAP. Докладніше про " +"налаштовування LDAP можна дізнатися з довідки до <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1852 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" +"<quote>ipa</quote> — те саме, що і <quote>ldap</quote>, але з типовими " +"параметрами IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1856 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" +"<quote>ad</quote> — те саме, що і <quote>ldap</quote>, але з типовими " +"параметрами AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1860 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "<quote>none</quote> явним чином вимикає SUDO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1863 sssd.conf.5.xml:1941 sssd.conf.5.xml:1982 +#: sssd.conf.5.xml:2007 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" +"Типове значення: використовується значення <quote>id_provider</quote>, якщо " +"його встановлено." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1867 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"З докладними настановами щодо налаштовування sudo_provider можна " +"ознайомитися за допомогою сторінки підручника (man) <citerefentry> " +"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>. Передбачено доволі багато параметрів налаштовування, якими " +"можна скористатися для коригування поведінки програми. Докладніший опис " +"можна знайти у розділах щодо «ldap_sudo_*»\" у підручнику з <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1884 +msgid "selinux_provider (string)" +msgstr "selinux_provider (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1887 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" +"Засіб, який має відповідати за завантаження параметрів SELinux. Зауважте, що " +"цей засіб буде викликано одразу після завершення роботи служби надання " +"доступу. Передбачено підтримку таких засобів надання даних SELinux:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1893 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> для завантаження параметрів selinux з сервера IPA. " +"Докладніші відомості щодо налаштовування IPA викладено у довіднику з " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1901 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" +"<quote>none</quote> явним чином забороняє отримання даних щодо параметрів " +"SELinux." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1904 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" +"Типове значення: буде використано <quote>id_provider</quote>, якщо цей " +"спосіб встановлено і можлива обробка запитів щодо завантаження SELinux." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1910 +msgid "subdomains_provider (string)" +msgstr "subdomains_provider (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1913 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" +"Засіб надання даних, який має обробляти отримання даних піддоменів. Це " +"значення має завжди збігатися зі значенням id_provider. Передбачено " +"підтримку таких засобів надання даних піддоменів:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1919 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> для завантаження списку піддоменів з сервера IPA. " +"Докладніші відомості щодо налаштовування IPA викладено у довіднику з " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1928 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" +"«ad», з якої слід завантажувати список піддоменів з сервера Active " +"Directory. Див. <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, щоб дізнатися більше про " +"налаштовування засобу надання даних AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1937 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "<quote>none</quote> забороняє ячним чином отримання даних піддоменів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1948 +msgid "autofs_provider (string)" +msgstr "autofs_provider (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1951 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" +"Служба autofs, яку використано для цього домену. Серед підтримуваних служб " +"autofs:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1955 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> — завантажити карти, що зберігаються у LDAP. Докладніше " +"про налаштовування LDAP можна дізнатися з довідки до <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> — завантажити карти, що зберігається на сервері IPA. " +"Докладніші відомості щодо налаштовування IPA викладено у довіднику з " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum></" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1970 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote> to load maps stored in an IPA server. See " +#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> for more information on configuring IPA." +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" +"<quote>ipa</quote> — завантажити карти, що зберігається на сервері IPA. " +"Докладніші відомості щодо налаштовування IPA викладено у довіднику з " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum></" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1979 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "<quote>none</quote> вимикає autofs повністю." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1989 +msgid "hostid_provider (string)" +msgstr "hostid_provider (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1992 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" +"Засіб надання даних, який використовується для отримання даних щодо профілю " +"вузла. Серед підтримуваних засобів надання hostid:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1996 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> — завантажити профіль системи, що зберігається на сервері " +"IPA. Докладніші відомості щодо налаштовування IPA викладено у довіднику з " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum></" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2004 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "<quote>none</quote> вимикає hostid повністю." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2017 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" +"Формальний вираз для цього домену, який описує спосіб поділи рядка, що " +"містить ім’я користувача та назву домену на ці компоненти. «Домен» може " +"відповідати назві домену налаштувань SSSD або, у випадку піддоменів довіри " +"IPA та доменів Active Directory, простій назві (NetBIOS) домену." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +"P<name>[^@\\\\]+)$))</quote> which allows three different styles for " +"user names:" +msgstr "" +"Типовий для засобів надання AD і IPA: <quote>(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +"P<name>[^@\\\\]+)$))</quote> За його допомогою можна визначати три " +"різні стилі запису імен користувачів:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2031 +msgid "username" +msgstr "користувач" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2034 +msgid "username@domain.name" +msgstr "користувач@назва.домену" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "domain\\username" +msgstr "домен\\користувач" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" +"Перші два стилі відповідають загальним типовим стилям, а третій введено для " +"того, щоб полегшити інтеграцію користувачів з доменів Windows." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2045 +msgid "" +"Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +"which translates to \"the name is everything up to the <quote>@</quote> " +"sign, the domain everything after that\"" +msgstr "" +"Типове значення: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</" +"quote>, можна висловити так: іменем користувача є все до символу «@», назвою " +"домену — все після цього символу." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2051 +msgid "" +"PLEASE NOTE: the support for non-unique named subpatterns is not available " +"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " +"version 7 or higher can support non-unique named subpatterns." +msgstr "" +"Будь ласка, зауважте: підтримку неунікальних назв підшаблонів передбачено не " +"для всіх платформ (наприклад, нею не можна скористатися у RHEL5 і SLES10). " +"Підтримкою неунікальних назв підшаблонів можна скористатися лише на " +"платформах з версією libpcre 7." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2058 +msgid "" +"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" +"P<name>) to label subpatterns." +msgstr "" +"Додаткове зауваження: у застарілих версіях libpcre передбачено підтримку " +"лише синтаксичних конструкцій Python (?P<name>) для позначення " +"підшаблонів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2105 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "Типове значення: <quote>%1$s@%2$s</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2111 +msgid "lookup_family_order (string)" +msgstr "lookup_family_order (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2114 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" +"Надає можливість вибрати бажане сімейство адрес, яке слід використовувати " +"під час виконання пошуків у DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2118 +msgid "Supported values:" +msgstr "Передбачено підтримку таких значень:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2121 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" +"ipv4_first: спробувати визначити адресу у форматі IPv4, у разі невдачі " +"спробувати формат IPv6" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2124 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" +"ipv4_only: намагатися визначити назви вузлів лише у форматі адрес IPv4." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2127 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" +"ipv6_first: спробувати визначити адресу у форматі IPv6, у разі невдачі " +"спробувати формат IPv4" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2130 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" +"ipv6_only: намагатися визначити назви вузлів лише у форматі адрес IPv6." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2133 +msgid "Default: ipv4_first" +msgstr "Типове значення: ipv4_first" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2139 +msgid "dns_resolver_timeout (integer)" +msgstr "dns_resolver_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2142 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the DNS " +"resolver before assuming that it is unreachable. If this timeout is reached, " +"the domain will continue to operate in offline mode." +msgstr "" +"Визначає кількість часу (у секундах) очікування відповіді від засобу " +"визначення адрес DNS, перш ніж засіб буде визначено недоступним. Якщо час " +"очікування буде перевищено, домен продовжуватиме роботу у автономному режимі." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2148 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263 +#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248 +msgid "Default: 6" +msgstr "Типове значення: 6" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2154 +msgid "dns_discovery_domain (string)" +msgstr "dns_discovery_domain (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2157 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" +"Якщо у модулі обробки використовується визначення служб, вказує доменну " +"частину запиту визначення служб DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2161 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" +"Типова поведінка: використовувати назву домену з назви вузла комп’ютера." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2167 +msgid "override_gid (integer)" +msgstr "override_gid (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2170 +msgid "Override the primary GID value with the one specified." +msgstr "Замірити значення основного GID на вказане." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2176 +msgid "case_sensitive (string)" +msgstr "case_sensitive (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2184 +msgid "True" +msgstr "True" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2187 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" +"Враховується регістр. Це значення є некоректним для засобу надання даних AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2193 +msgid "False" +msgstr "False" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2195 +msgid "Case insensitive." +msgstr "Без врахування регістру." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2199 +msgid "Preserving" +msgstr "Preserving" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2202 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" +"Те саме, що і False (без врахування регістру символів), але без переведення " +"у нижній регістр імен у результатах дій NSS. Зауважте, що альтернативні " +"імена (у випадку служб також назви протоколів) у виведених даних все одно " +"буде переведено у нижній регістр." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2179 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Враховувати регістр записів імен користувачів та назв груп. У поточній " +"версії підтримку передбачено лише для локальних надавачів даних. Можливі " +"значення параметра: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2214 +msgid "Default: True (False for AD provider)" +msgstr "Типове значення: True (False для засобу надання даних AD)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2220 +msgid "proxy_fast_alias (boolean)" +msgstr "proxy_fast_alias (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2223 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" +"Під час пошуку запису користувача чи групи за назвою у системі надання даних " +"переадресації виконується вторинний пошук за ідентифікатором з метою " +"визначення «канонічної» форми назви, якщо результат знайдено за " +"альтернативною назвою (псевдонімом). Встановлення для цього параметра " +"значення «true» призведе до того, що SSSD виконуватиме пошук ідентифікатора " +"у кеші, щоб пришвидшити надання результатів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2237 +msgid "subdomain_homedir (string)" +msgstr "subdomain_homedir (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2248 +msgid "%F" +msgstr "%F" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2249 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "спрощена (NetBIOS) назва піддомену." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2240 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" +"Використовувати вказаний домашній каталог як типовий для всіх піддоменів у " +"цьому домені у межах довіри AD IPA. Дані щодо можливих значень наведено у " +"описі параметра <emphasis>override_homedir</emphasis>. Крім того, " +"розгортання можна використовувати лише з <emphasis>subdomain_homedir</" +"emphasis>. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2254 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" +"Це значення може бути перевизначено параметром <emphasis>override_homedir</" +"emphasis>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2258 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "Типове значення: <filename>/home/%d/%u</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2263 +msgid "realmd_tags (string)" +msgstr "realmd_tags (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2266 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" +"Різноманітні теґи, що зберігаються службою налаштовування realmd для цього " +"домену." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2272 +#, fuzzy +#| msgid "memcache_timeout (int)" +msgid "cached_auth_timeout (int)" +msgstr "memcache_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2275 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2281 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2285 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1230 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Ці параметри налаштування може бути вказано у розділі налаштування домену, " +"тобто у розділі з назвою <quote>[domain/<replaceable>НАЗВА</replaceable>]</" +"quote> <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2303 +msgid "proxy_pam_target (string)" +msgstr "proxy_pam_target (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2306 +msgid "The proxy target PAM proxies to." +msgstr "Комп’ютер, для якого виконує проксі-сервер PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2309 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here." +msgstr "" +"Типове значення: типово не встановлено, вам слід скористатися вже створеними " +"налаштуваннями pam або створити нові і тут додати назву служби." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2317 +msgid "proxy_lib_name (string)" +msgstr "proxy_lib_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2320 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" +"Назва бібліотеки NSS для використання у доменах з проксі-серверами. Функції " +"NSS шукаються у бібліотеці у форматі _nss_$(назва_бібліотеки)_$(функція), " +"наприклад _nss_files_getpwent." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2299 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" id=" +"\"0\"/>" +msgstr "" +"Параметри, які є чинними для доменів проксі. <placeholder type=" +"\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2332 +msgid "The local domain section" +msgstr "Розділ локального домену" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2334 +msgid "" +"This section contains settings for domain that stores users and groups in " +"SSSD native database, that is, a domain that uses " +"<replaceable>id_provider=local</replaceable>." +msgstr "" +"У цьому розділі містяться параметри для домену, який зберігає записи " +"користувачів і груп у вбудованій базі даних SSSD, тобто домену, який " +"використовує <replaceable>id_provider=local</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2341 +msgid "default_shell (string)" +msgstr "default_shell (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2344 +msgid "The default shell for users created with SSSD userspace tools." +msgstr "" +"Типова оболонка для записів користувачів, створених за допомогою " +"інструментів простору користувачів SSSD." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2348 +msgid "Default: <filename>/bin/bash</filename>" +msgstr "Типове значення: <filename>/bin/bash</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2353 +msgid "base_directory (string)" +msgstr "base_directory (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2356 +msgid "" +"The tools append the login name to <replaceable>base_directory</replaceable> " +"and use that as the home directory." +msgstr "" +"Інструменти додають ім’я користувача до <replaceable>base_directory</" +"replaceable> і використовують отриману адресу як адресу домашнього каталогу." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2361 +msgid "Default: <filename>/home</filename>" +msgstr "Типове значення: <filename>/home</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2366 +msgid "create_homedir (bool)" +msgstr "create_homedir (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2369 +msgid "" +"Indicate if a home directory should be created by default for new users. " +"Can be overridden on command line." +msgstr "" +"Визначає, чи слід типово створювати домашній каталог для нових користувачів. " +"Може бути перевизначено з командного рядка." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2373 sssd.conf.5.xml:2385 +msgid "Default: TRUE" +msgstr "Типове значення: TRUE" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2378 +msgid "remove_homedir (bool)" +msgstr "remove_homedir (булівське значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2381 +msgid "" +"Indicate if a home directory should be removed by default for deleted " +"users. Can be overridden on command line." +msgstr "" +"Визначає, чи слід вилучати домашній каталог для вилучених записів " +"користувачів. Може бути перевизначено з командного рядка." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2390 +msgid "homedir_umask (integer)" +msgstr "homedir_umask (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2393 +msgid "" +"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " +"on a newly created home directory." +msgstr "" +"Використовується <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> для визначення типових прав доступу " +"до щойно створеного домашнього каталогу." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2401 +msgid "Default: 077" +msgstr "Типове значення: 077" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2406 +msgid "skel_dir (string)" +msgstr "skel_dir (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2409 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>" +msgstr "" +"Каркасний каталог, який містить файли і каталоги, які буде скопійовано до " +"домашнього каталогу користувача, коли такий домашній каталог створюється " +"командою <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2419 +msgid "Default: <filename>/etc/skel</filename>" +msgstr "Типове значення: <filename>/etc/skel</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2424 +msgid "mail_dir (string)" +msgstr "mail_dir (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2427 +msgid "" +"The mail spool directory. This is needed to manipulate the mailbox when its " +"corresponding user account is modified or deleted. If not specified, a " +"default value is used." +msgstr "" +"Каталог буфера пошти. Цей каталог потрібен для обробки поштової скриньки, " +"якщо відповідний обліковий запис користувача змінено або вилучено. Якщо " +"каталог не вказано, буде використано типове значення." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2434 +msgid "Default: <filename>/var/mail</filename>" +msgstr "Типове значення: <filename>/var/mail</filename>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2439 +msgid "userdel_cmd (string)" +msgstr "userdel_cmd (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2442 +msgid "" +"The command that is run after a user is removed. The command us passed the " +"username of the user being removed as the first and only parameter. The " +"return code of the command is not taken into account." +msgstr "" +"Команда, яку буде виконано після вилучення запису користувача. Команді, як " +"перший і єдиний параметр, передається ім’я користувача, запис якого " +"вилучається. Код виконання, повернутий програмою не обробляється." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2448 +msgid "Default: None, no command is run" +msgstr "Типове значення: None, не виконувати жодних команд" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2458 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131 +#: sssd-ipa.5.xml:717 sssd-ad.5.xml:955 sssd-krb5.5.xml:564 +#: sss_rpcidmapd.5.xml:98 +msgid "EXAMPLE" +msgstr "ПРИКЛАД" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:2464 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2460 +msgid "" +"The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" +"Нижче наведено приклад типових налаштувань SSSD. Налаштування самого домену " +"не наведено, — щоб дізнатися більше про неї, ознайомтеся з документацією " +"щодо налаштовування доменів. <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "sssd-ldap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "Модуль надання даних LDAP SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" +"На цій сторінці довідника описано налаштування доменів LDAP для " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Щоб дізнатися більше про синтаксис налаштування, зверніться " +"до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "Ви можете налаштувати SSSD на використання декількох доменів LDAP." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. If the LDAP server is used only as an identity " +"provider, an encrypted channel is not needed. Please refer to " +"<quote>ldap_access_filter</quote> config option for more information about " +"using LDAP as an access provider." +msgstr "" +"У основному модулі LDAP передбачено підтримку засобів надання ідентифікатора " +"(id), уповноважень (auth), доступу (access) та зміни паролів (chpass). Якщо " +"ви бажаєте виконувати розпізнавання на сервері LDAP, потрібен TLS/SSL або " +"LDAPS. У <command>sssd</command> <emphasis>не передбачено</emphasis> " +"підтримки розпізнавання за допомогою шифрованого каналу обміну даними. Якщо " +"сервер LDAP використовується лише для надання даних профілів, потреби у " +"шифруванні каналу обміну даними немає. Будь ласка, зверніться до опису " +"параметра налаштування <quote>ldap_access_filter</quote>, щоб дізнатися " +"більше про використання LDAP, як засобу керування доступом." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 +msgid "CONFIGURATION OPTIONS" +msgstr "ПАРАМЕТРИ НАЛАШТУВАННЯ" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:60 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "ldap_uri, ldap_backup_uri (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:63 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" +"Визначає список адрес серверів LDAP, відокремлених комами, з якими SSSD має " +"встановлювати з’єднання у порядку пріоритету. Зверніться до розділу " +"«РЕЗЕРВ», щоб дізнатися більше про перемикання на резервні ресурси та " +"додаткові сервери. Якщо не вказано, буде використано автоматичне виявлення " +"служб. Докладніші відомості можна знайти у розділі «ПОШУК СЛУЖБ»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "Формат адреси має відповідати формату, що визначається RFC 2732:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:73 +msgid "ldap[s]://<host>[:port]" +msgstr "ldap[s]://<вузол>[:порт]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:76 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" +"У явних адресах IPv6 <вузол> має бути вказано у квадратних дужках, []" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:79 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "приклад: ldap://[fc00::126:25]:389" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:85 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:88 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" +"Визначає список адрес серверів LDAP, відокремлених комами, з якими SSSD має " +"встановлювати з’єднання у порядку пріоритету для зміни пароля користувача. " +"Зверніться до розділу «РЕЗЕРВ», щоб дізнатися більше про перемикання на " +"резервні ресурси та додаткові сервери." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" +"Для того, щоб уможливити визначення служб, слід встановити значення " +"параметра ldap_chpass_dns_service_name." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:99 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "Типове значення: порожнє, тобто використовується ldap_uri." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:105 +msgid "ldap_search_base (string)" +msgstr "ldap_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:108 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" +"Типова базова назва домену, яку слід використовувати для виконання дій від " +"імені користувача LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:112 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" +"Починаючи з SSSD 1.7.0, у SSSD передбачено підтримку визначення декількох " +"основ для пошуку за допомогою таких синтаксичних конструкцій:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:116 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "основа_пошуку[?діапазон?[фільтр][?основа_пошуку?діапазон?[фільтр]]*]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" +"Діапазоном може бути одне зі значень, «base» (основа), «onelevel» (окремий " +"рівень) або «subtree» (піддерево)." + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" +"Фільтром має бути коректний запис фільтрування LDAP, відповідно до " +"специфікації http://www.ietf.org/rfc/rfc2254.txt" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220 +#: sss_override.8.xml:135 sss_override.8.xml:232 +msgid "Examples:" +msgstr "Приклади:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:129 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" +"ldap_search_base = dc=example,dc=com (еквівалентне до) ldap_search_base = " +"dc=example,dc=com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:134 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:137 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" +"Зауваження: підтримки визначення декількох основ пошуку з посиланням на " +"об’єкти з однаковими назвами (наприклад груп з однаковою назвою у двох " +"різних основах пошуку) не передбачено. Такі визначення можуть призвести до " +"непередбачуваних результатів на клієнтських комп’ютерах." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" +"Типове значення: якщо значення не встановлено, буде використано значення " +"атрибута defaultNamingContext або namingContexts з RootDSE сервера LDAP. " +"Якщо запису defaultNamingContext не існує або цей запис має порожнє " +"значення, буде використано namingContexts. Для роботи системи потрібно, щоб " +"атрибут namingContexts має єдине значення DN бази пошуку сервера LDAP. " +"Підтримки визначення декількох значень не передбачено." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:158 +msgid "ldap_schema (string)" +msgstr "ldap_schema (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:161 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" +"Визначає тип схеми, що використовується на сервері LDAP призначення. " +"Відповідно до вибраної схеми, типові назви атрибутів, отриманих з сервера, " +"можуть бути різними. Спосіб обробки атрибутів також може бути різним." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "Four schema types are currently supported:" +msgstr "У поточній версії передбачено підтримку чотирьох типів схем:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:172 +msgid "rfc2307" +msgstr "rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:177 +msgid "rfc2307bis" +msgstr "rfc2307bis" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:182 +msgid "IPA" +msgstr "IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:187 +msgid "AD" +msgstr "AD" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:193 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" +"Основною відмінністю між цими типами схем є спосіб запису даних щодо участі " +"у групах на сервері. Відповідно до rfc2307, список учасників груп " +"впорядковується за користувачами у атрибуті <emphasis>memberUid</emphasis>. " +"Відповідно до rfc2307bis і IPA, список учасників груп впорядковується за " +"назвою домену (DN) і зберігається у атрибуті <emphasis>member</emphasis>. " +"Відповідно до типу схеми AD, встановлюється відповідність зі значеннями " +"Active Directory 2008r2." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:203 +msgid "Default: rfc2307" +msgstr "Типове значення: rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:209 +msgid "ldap_default_bind_dn (string)" +msgstr "ldap_default_bind_dn (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:212 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" +"Типова назва домену прив’язки, яку слід використовувати для виконання дій " +"LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:219 +msgid "ldap_default_authtok_type (string)" +msgstr "ldap_default_authtok_type (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:222 +msgid "The type of the authentication token of the default bind DN." +msgstr "Тип розпізнавання для типової назви сервера прив’язки." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:226 +msgid "The two mechanisms currently supported are:" +msgstr "У поточній версії передбачено підтримку двох механізмів:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:229 +msgid "password" +msgstr "password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:232 +msgid "obfuscated_password" +msgstr "obfuscated_password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:235 +msgid "Default: password" +msgstr "Типове значення: password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:241 +msgid "ldap_default_authtok (string)" +msgstr "ldap_default_authtok (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:244 +msgid "" +"The authentication token of the default bind DN. Only clear text passwords " +"are currently supported." +msgstr "" +"Лексема розпізнавання типової назви сервера прив’язки. У поточній версії " +"передбачено підтримку лише паролів у форматі звичайного тексту." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:251 +msgid "ldap_user_object_class (string)" +msgstr "ldap_user_object_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:254 +msgid "The object class of a user entry in LDAP." +msgstr "Клас об’єктів запису користувача у LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "Default: posixAccount" +msgstr "Типове значення: posixAccount" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:263 +msgid "ldap_user_name (string)" +msgstr "ldap_user_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:266 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "Атрибут LDAP, що відповідає назві облікового запису користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:270 +msgid "Default: uid" +msgstr "Типове значення: uid" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:276 +msgid "ldap_user_uid_number (string)" +msgstr "ldap_user_uid_number (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:279 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "Атрибут LDAP, що відповідає ідентифікатору користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "Default: uidNumber" +msgstr "Типове значення: uidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:289 +msgid "ldap_user_gid_number (string)" +msgstr "ldap_user_gid_number (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:292 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "Атрибут LDAP, що відповідає ідентифікатору основної групи користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:863 +msgid "Default: gidNumber" +msgstr "Типове значення: gidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:302 +msgid "ldap_user_gecos (string)" +msgstr "ldap_user_gecos (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:305 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "Атрибут LDAP, що відповідає полю gecos користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:309 +msgid "Default: gecos" +msgstr "Типове значення: gecos" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:315 +msgid "ldap_user_home_directory (string)" +msgstr "ldap_user_home_directory (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:318 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "Атрибут LDAP, що містить назву домашнього каталогу користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "Default: homeDirectory" +msgstr "Типове значення: homeDirectory" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:328 +msgid "ldap_user_shell (string)" +msgstr "ldap_user_shell (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:331 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" +"Атрибут LDAP, що містить шлях до типової командної оболонки користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:335 +msgid "Default: loginShell" +msgstr "Типове значення: loginShell" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:341 +msgid "ldap_user_uuid (string)" +msgstr "ldap_user_uuid (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:344 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта користувача LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:889 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" +"Типове значення: не встановлено у загальному випадку, objectGUID для AD і " +"ipaUniqueID для IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:355 +msgid "ldap_user_objectsid (string)" +msgstr "ldap_user_objectsid (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:358 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" +"Атрибут LDAP, що містить objectSID об’єкта користувача LDAP. Зазвичай, " +"потрібен лише для серверів ActiveDirectory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:363 sssd-ldap.5.xml:904 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" +"Типове значення: objectSid для ActiveDirectory, не встановлено для інших " +"серверів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:370 +msgid "ldap_user_modify_timestamp (string)" +msgstr "ldap_user_modify_timestamp (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" +"Атрибут LDAP, що містить часову позначку останньої зміни батьківського " +"об’єкта." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144 +msgid "Default: modifyTimestamp" +msgstr "Типове значення: modifyTimestamp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:383 +msgid "ldap_user_shadow_last_change (string)" +msgstr "ldap_user_shadow_last_change (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" +"У разі використання ldap_pwd_policy=shadow цей параметр містить назву " +"атрибута LDAP, який є відповідником параметра <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (дати останньої зміни пароля)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:396 +msgid "Default: shadowLastChange" +msgstr "Типове значення: shadowLastChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:402 +msgid "ldap_user_shadow_min (string)" +msgstr "ldap_user_shadow_min (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:405 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" +"У разі використання ldap_pwd_policy=shadow цей параметр містить назву " +"атрибута LDAP, який є відповідником параметра <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (мінімального віку пароля)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: shadowMin" +msgstr "Типове значення: shadowMin" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_user_shadow_max (string)" +msgstr "ldap_user_shadow_max (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" +"У разі використання ldap_pwd_policy=shadow цей параметр містить назву " +"атрибута LDAP, який є відповідником параметра <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (максимального віку пароля)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:432 +msgid "Default: shadowMax" +msgstr "Типове значення: shadowMax" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:438 +msgid "ldap_user_shadow_warning (string)" +msgstr "ldap_user_shadow_warning (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:441 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" +"У разі використання ldap_pwd_policy=shadow цей параметр містить назву " +"атрибута LDAP, який є відповідником параметра <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (проміжку попередження щодо пароля)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:451 +msgid "Default: shadowWarning" +msgstr "Типове значення: shadowWarning" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:457 +msgid "ldap_user_shadow_inactive (string)" +msgstr "ldap_user_shadow_inactive (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:460 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" +"У разі використання ldap_pwd_policy=shadow цей параметр містить назву " +"атрибута LDAP, який є відповідником параметра <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (тривалості періоду невикористання пароля)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:470 +msgid "Default: shadowInactive" +msgstr "Типове значення: shadowInactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:476 +msgid "ldap_user_shadow_expire (string)" +msgstr "ldap_user_shadow_expire (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:479 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" +"У разі використання ldap_pwd_policy=shadow або " +"ldap_account_expire_policy=shadow цей параметр містить назву атрибута LDAP, " +"який є відповідником параметра <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> (дати завершення " +"строку дії пароля)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:489 +msgid "Default: shadowExpire" +msgstr "Типове значення: shadowExpire" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:495 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "ldap_user_krb_last_pwd_change (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:498 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" +"Якщо використано значення ldap_pwd_policy=mit_kerberos, цей параметр містить " +"назву атрибута LDAP, у якому зберігається дата і час останньої зміни пароля " +"у kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "Default: krbLastPwdChange" +msgstr "Типове значення: krbLastPwdChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:510 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "ldap_user_krb_password_expiration (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:513 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" +"Якщо використано значення ldap_pwd_policy=mit_kerberos, цей параметр містить " +"назву атрибута LDAP, у якому зберігається дата і час завершення строку дії " +"поточного пароля." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:519 +msgid "Default: krbPasswordExpiration" +msgstr "Типове значення: krbPasswordExpiration" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:525 +msgid "ldap_user_ad_account_expires (string)" +msgstr "ldap_user_ad_account_expires (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:528 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" +"Якщо вказано ldap_account_expire_policy=ad, цей параметр містить назву " +"атрибута LDAP, у якому зберігаються дані щодо строку завершення дії " +"облікового запису." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:533 +msgid "Default: accountExpires" +msgstr "Типове значення: accountExpires" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:539 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "ldap_user_ad_user_account_control (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:542 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" +"Якщо вказано ldap_account_expire_policy=ad, цей параметр містить назву " +"атрибута LDAP, у якому зберігаються дані щодо поля контрольного біта " +"облікового запису користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:547 +msgid "Default: userAccountControl" +msgstr "Типове значення: userAccountControl" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:553 +msgid "ldap_ns_account_lock (string)" +msgstr "ldap_ns_account_lock (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:556 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" +"Якщо вказано ldap_account_expire_policy=rhds або еквівалентне налаштування, " +"цей параметр визначає, заборонено чи дозволено доступ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:561 +msgid "Default: nsAccountLock" +msgstr "Типове значення: nsAccountLock" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:567 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "ldap_user_nds_login_disabled (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:570 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" +"Якщо вказано ldap_account_expire_policy=nds, цей атрибут визначає, дозволено " +"чи заборонено доступ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:574 sssd-ldap.5.xml:588 +msgid "Default: loginDisabled" +msgstr "Типове значення: loginDisabled" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:580 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "ldap_user_nds_login_expiration_time (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:583 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" +"Якщо вказано ldap_account_expire_policy=nds, цей атрибут визначає дату, до " +"якої надано доступ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "ldap_user_nds_login_allowed_time_map (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" +"Якщо вказано ldap_account_expire_policy=nds, цей атрибут визначає годити дня " +"тижня, коли надається доступ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:602 +msgid "Default: loginAllowedTimeMap" +msgstr "Типове значення: loginAllowedTimeMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:608 +msgid "ldap_user_principal (string)" +msgstr "ldap_user_principal (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:611 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" +"Атрибут LDAP, що містить Kerberos User Principal Name (UPN) користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:615 +msgid "Default: krbPrincipalName" +msgstr "Типове значення: krbPrincipalName" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:621 +msgid "ldap_user_extra_attrs (string)" +msgstr "ldap_user_extra_attrs (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:624 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" +"Відокремлений комами список атрибутів LDAP, які SSSD має отримувати разом зі " +"звичайним набором атрибутів запису користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:629 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" +"Список може або містити лише назви атрибутів LDAP, або відокремлені " +"двокрапками кортежі з назви атрибута кешу SSSD та назви атрибута LDAP. Якщо " +"вказано лише назву атрибута LDAP, атрибут зберігається до кешу буквально. " +"Використання нетипової назви атрибута SSSD може бути потрібним середовищам, " +"де налаштовано декілька доменів SSSD з різними схемами LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:639 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" +"Будь ласка, зауважте, що декілька назв атрибутів зарезервовано SSSD, зокрема " +"атрибут «name». SSSD повідомить про помилку, якщо будь-які із зарезервованих " +"назв атрибутів використано як назву додаткового атрибута." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:649 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "ldap_user_extra_attrs = telephoneNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:652 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" +"Зберегти атрибут «telephoneNumber» з LDAP як «telephoneNumber» до кешу." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:656 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "ldap_user_extra_attrs = phone:telephoneNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:659 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "Зберегти атрибут «telephoneNumber» з LDAP як «phone» до кешу." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:669 +msgid "ldap_user_ssh_public_key (string)" +msgstr "ldap_user_ssh_public_key (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:672 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "Атрибут LDAP, який містить відкриті ключі SSH користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:676 +msgid "Default: sshPublicKey" +msgstr "Типове значення: sshPublicKey" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:682 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "ldap_force_upper_case_realm (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:685 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" +"Деякі з серверів каталогів, наприклад Active Directory, можуть надавати " +"частину області адреси UPN лише малими літерами (літерами нижнього " +"регістру), що може призвести до невдалої спроби розпізнавання. Встановіть " +"ненульове значення цього параметра, якщо ви бажаєте використовувати назву " +"області у верхньому регістрі." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:698 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "ldap_enumeration_refresh_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:701 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" +"Визначає кількість секунд, протягом яких SSSD має очікувати до оновлення " +"свого кешу нумерованих записів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:712 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "ldap_purge_cache_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:715 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" +"Визначає частоту пошуків у кеші неактивних записів (зокрема груп без " +"учасників та користувачів, які ніколи не входили до системи) та вилучення " +"цих записів з метою економії місця." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:721 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" +"Встановлення нульового значення цього параметра вимикає дію з очищення кешу. " +"Будь ласка, зауважте, що якщо увімкнено нумерацію, дія з очищення є " +"необхідною з метою виявлення записів, вилучених із сервера, її не можна " +"вимикати. Типово, дія з очищення, якщо увімкнено нумерацію, виконується " +"кожні 3 години." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:736 +msgid "ldap_user_fullname (string)" +msgstr "ldap_user_fullname (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:739 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "Атрибут LDAP, що відповідає повному імені користувача." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590 +msgid "Default: cn" +msgstr "Типове значення: cn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:749 +msgid "ldap_user_member_of (string)" +msgstr "ldap_user_member_of (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:752 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "Атрибут LDAP зі списком груп, у яких бере участь користувач." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:756 +msgid "Default: memberOf" +msgstr "Типове значення: memberOf" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:762 +msgid "ldap_user_authorized_service (string)" +msgstr "ldap_user_authorized_service (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:765 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" +"Якщо access_provider=ldap і ldap_access_order=authorized_service, SSSD " +"використовуватиме наявність атрибута authorizedService у записі користувача " +"LDAP для визначення прав доступу." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:772 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" +"Спочатку визначаються явні заборони (!svc). Далі SSSD шукає явні дозволи " +"(svc) і нарешті загальні дозволи або allow_all (*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:777 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" +"Будь ласка, зауважте, що параметр налаштування ldap_access_order " +"<emphasis>має</emphasis> включати <quote>authorized_service</quote>, щоб " +"система змогла скористатися параметром ldap_user_authorized_service." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:784 +msgid "Default: authorizedService" +msgstr "Типове значення: authorizedService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:790 +msgid "ldap_user_authorized_host (string)" +msgstr "ldap_user_authorized_host (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:793 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" +"Якщо access_provider=ldap і ldap_access_order=host, SSSD використовуватиме " +"наявність атрибута host у записі користувача LDAP для визначення прав " +"доступу." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:799 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" +"Спочатку визначаються явні заборони (!host). Далі SSSD шукає явні дозволи " +"(host) і нарешті загальні дозволи або allow_all (*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" +"Будь ласка, зауважте, що параметр налаштування ldap_access_order " +"<emphasis>має</emphasis> включати <quote>host</quote>, щоб можна було " +"скористатися параметром ldap_user_authorized_host." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:811 +msgid "Default: host" +msgstr "Типове значення: host" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:817 +msgid "ldap_user_certificate (string)" +msgstr "ldap_user_certificate (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:820 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "Назва атрибута LDAP, що містить сертифікат X509 користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:824 +#, fuzzy +#| msgid "Default: no set in the general case, userCertificate for IPA" +msgid "Default: no set in the general case, userCertificate;binary for IPA" +msgstr "" +"Типове значення: не встановлено у загальному випадку, userCertificate для IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:831 +msgid "ldap_group_object_class (string)" +msgstr "ldap_group_object_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:834 +msgid "The object class of a group entry in LDAP." +msgstr "Клас об’єктів запису групи у LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:837 +msgid "Default: posixGroup" +msgstr "Типове значення: posixGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:843 +msgid "ldap_group_name (string)" +msgstr "ldap_group_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:846 +msgid "The LDAP attribute that corresponds to the group name." +msgstr "Атрибут LDAP, що відповідає назві групи." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:856 +msgid "ldap_group_gid_number (string)" +msgstr "ldap_group_gid_number (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:859 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "Атрибут LDAP, що відповідає ідентифікатору групи." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:869 +msgid "ldap_group_member (string)" +msgstr "ldap_group_member (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:872 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "Атрибут LDAP, у якому містяться імена учасників групи." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:876 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "Типове значення: memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:882 +msgid "ldap_group_uuid (string)" +msgstr "ldap_group_uuid (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:885 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта групи LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:896 +msgid "ldap_group_objectsid (string)" +msgstr "ldap_group_objectsid (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:899 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" +"Атрибут LDAP, що містить objectSID об’єкта групи LDAP. Зазвичай, потрібен " +"лише для серверів ActiveDirectory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_group_modify_timestamp (string)" +msgstr "ldap_group_modify_timestamp (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:924 +msgid "ldap_group_type (integer)" +msgstr "ldap_group_type (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:927 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" +"Атрибут LDAP, що містить ціле значення і позначає тип групи, а також, " +"можливо, інші прапорці." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" +"Цей атрибут у поточній версії використовується лише засобом надання даних AD " +"для визначення, чи є група локальною групою домену і чи має бути її " +"відфільтровано у списку надійних (довірених) доменів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:938 +msgid "Default: groupType in the AD provider, othewise not set" +msgstr "" +"Типове значення: groupType у засобі надання даних AD, у інших засобах не " +"встановлено" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:945 +#, fuzzy +#| msgid "ldap_group_member (string)" +msgid "ldap_group_external_member (string)" +msgstr "ldap_group_member (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:948 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +#, fuzzy +#| msgid "Default: groupType in the AD provider, othewise not set" +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" +"Типове значення: groupType у засобі надання даних AD, у інших засобах не " +"встановлено" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:961 +msgid "ldap_group_nesting_level (integer)" +msgstr "ldap_group_nesting_level (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:964 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" +"Якщо ldap_schema встановлено у значення формату схеми, у якому передбачено " +"підтримку вкладеності груп (наприклад RFC2307bis), цей параметр визначає " +"кількість рівнів вкладеності, які оброблятимуться SSSD. Значення цього " +"параметра буде проігноровано, якщо використано схему RFC2307." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" +"Зауваження: за допомогою цього параметра визначається гарантований рівень " +"вкладеності груп для обробки під час будь-якого пошуку. Втім, <emphasis>може " +"бути</emphasis> повернуто і групи із більшим рівнем вкладеності, якщо під " +"час попередніх пошуків відбувалася обробка вищих рівнів вкладеності. Крім " +"того, послідовні пошуки інших груп можуть розширити набір результатів " +"початкового пошуку, якщо запити щодо пошуку надходять повторно." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:980 +#, fuzzy +#| msgid "" +#| "If ldap_group_nesting_level is set to 0 then no nested groups are " +#| "processed at all. However, when connected to Active-Directory Server 2008 " +#| "and later it is furthermore required to disable usage of Token-Groups by " +#| "setting ldap_use_tokengroups to false." +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" +"Якщо значенням ldap_group_nesting_level є 0, вкладені групи взагалі не " +"оброблятимуться. Втім, якщо з’єднання встановлено з Active-Directory Server " +"2008 та новішими версіями, слід також вимкнути використання груп " +"реєстраційних записів (Token-Groups) встановленням для параметра " +"ldap_use_tokengroups значення false." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:989 +msgid "Default: 2" +msgstr "Типове значення: 2" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:995 +msgid "ldap_groups_use_matching_rule_in_chain" +msgstr "ldap_groups_use_matching_rule_in_chain" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:998 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which may speed up group lookup operations on deployments with " +"complex or deep nested groups." +msgstr "" +"За допомогою цього параметра можна наказати SSSD скористатися перевагами " +"специфічної для Active Directory можливості, яка надає змогу пришвидшити дії " +"з пошуку груп у мережах зі складною системою груп або системою груп з " +"високим рівнем вкладеності." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1004 +msgid "" +"In most common cases, it is best to leave this option disabled. It generally " +"only provides a performance increase on very complex nestings." +msgstr "" +"Здебільшого, не варто вмикати цю можливість. Пришвидшення за її допомогою " +"можна буде спостерігати лише у дуже складних випадках вкладеності груп." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036 +msgid "" +"If this option is enabled, SSSD will use it if it detects that the server " +"supports it during initial connection. So \"True\" here essentially means " +"\"auto-detect\"." +msgstr "" +"Якщо увімкнено цей параметр, SSSD використовуватиме можливість, якщо під час " +"початкового сеансу з’єднання виявить, що на сервері передбачено підтримку " +"можливості. Отже, насправді значення «True» означає «визначити автоматично»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042 +msgid "" +"Note: This feature is currently known to work only with Active Directory " +"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" +"windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " +"for more details." +msgstr "" +"Зауваження: відомо, що у поточній версії цією можливістю можна скористатися " +"лише для Active Directory 2008 R1 та пізніших версій. Докладніше про це " +"можна дізнатися з <ulink url=\"http://msdn.microsoft.com/en-us/library/" +"windows/desktop/aa746475%28v=vs.85%29.aspx\">документації MSDN(TM)</ulink>." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048 sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866 include/ldap_id_mapping.xml:244 +msgid "Default: False" +msgstr "Типове значення: False" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1027 +msgid "ldap_initgroups_use_matching_rule_in_chain" +msgstr "ldap_initgroups_use_matching_rule_in_chain" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1030 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which might speed up initgroups operations (most notably when " +"dealing with complex or deep nested groups)." +msgstr "" +"За допомогою цього параметра можна наказати SSSD скористатися перевагами " +"специфічної для Active Directory можливості, яка може пришвидшити дії з " +"початковими групами (initgroups). Особливо помітним таке пришвидшення є у " +"системах зі складною системою груп або системою груп з високим рівнем " +"вкладеності." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1057 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" +"За допомогою цього параметра можна увімкнути або вимкнути використання " +"атрибута Token-Groups під час виконання initgroup для користувачів Active " +"Directory Server 2008 та новіших версій." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1062 +msgid "Default: True for AD and IPA otherwise False." +msgstr "Типове значення: True для AD і IPA, інакше False." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1068 +msgid "ldap_netgroup_object_class (string)" +msgstr "ldap_netgroup_object_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1071 +msgid "The object class of a netgroup entry in LDAP." +msgstr "Клас об’єктів запису мережевої групи (netgroup) у LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1074 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "У надавачі даних IPA має бути використано ipa_netgroup_object_class." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1078 +msgid "Default: nisNetgroup" +msgstr "Типове значення: nisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1084 +msgid "ldap_netgroup_name (string)" +msgstr "ldap_netgroup_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1087 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "Атрибут LDAP, що відповідає назві мережевої групи (netgroup)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "У надавачі даних IPA має бути використано ipa_netgroup_name." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1101 +msgid "ldap_netgroup_member (string)" +msgstr "ldap_netgroup_member (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1104 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "" +"Атрибут LDAP, у якому містяться імена учасників мережевої групи (netgroup)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1108 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "У надавачі даних IPA має бути використано ipa_netgroup_member." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "Default: memberNisNetgroup" +msgstr "Типове значення: memberNisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1118 +msgid "ldap_netgroup_triple (string)" +msgstr "ldap_netgroup_triple (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1121 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" +"Атрибут LDAP, що містить трійки мережевої групи (вузол, користувач, домен)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141 +msgid "This option is not available in IPA provider." +msgstr "Цим параметром не можна скористатися у надавачі даних IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1128 +msgid "Default: nisNetgroupTriple" +msgstr "Типове значення: nisNetgroupTriple" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1134 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "ldap_netgroup_modify_timestamp (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1150 +msgid "ldap_service_object_class (string)" +msgstr "ldap_service_object_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1153 +msgid "The object class of a service entry in LDAP." +msgstr "Клас об’єктів запису служби у LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1156 +msgid "Default: ipService" +msgstr "Типове значення: ipService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1162 +msgid "ldap_service_name (string)" +msgstr "ldap_service_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1165 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" +"Атрибут LDAP, що містить назву атрибутів служби та замінників цих атрибутів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1175 +msgid "ldap_service_port (string)" +msgstr "ldap_service_port (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1178 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "Атрибут LDAP, що містить номер порту, яким керує ця служба." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1182 +msgid "Default: ipServicePort" +msgstr "Типове значення: ipServicePort" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1188 +msgid "ldap_service_proto (string)" +msgstr "ldap_service_proto (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1191 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "Атрибут LDAP, що містить протоколи, за яким може працювати ця служба." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "Default: ipServiceProtocol" +msgstr "Типове значення: ipServiceProtocol" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1201 +msgid "ldap_service_search_base (string)" +msgstr "ldap_service_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1206 +msgid "ldap_search_timeout (integer)" +msgstr "ldap_search_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1209 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" +"Визначає час очікування на дані (у секундах) для виконання пошуків ldap, " +"перш ніж пошук буде скасовано з поверненням кешованих даних (і переходом до " +"автономного режиму роботи)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1215 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" +"Зауваження: роботу цього параметра буде змінено у наступних версіях SSSD. " +"Ймовірно, його буде колись замінено на послідовність часів очікування для " +"окремих типів пошуків." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1227 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "ldap_enumeration_search_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1230 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" +"Визначає час очікування на дані (у секундах) для виконання пошуків номерів " +"користувачів та груп у ldap, перш ніж пошук буде скасовано з поверненням " +"кешованих даних (і переходом до автономного режиму роботи)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1243 +msgid "ldap_network_timeout (integer)" +msgstr "ldap_network_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1246 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" +"Визначає час очікування (у секундах), після завершення якого <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> з наступним <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> повертається до стану бездіяльності." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1269 +msgid "ldap_opt_timeout (integer)" +msgstr "ldap_opt_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" +"Визначає час очікування (у секундах), після завершення якого виклики до " +"синхронних програмних інтерфейсів LDAP буде перервано, якщо не буде отримано " +"відповіді. Також керує часом очікування під час обміну даними з KDC у " +"випадку прив’язки SASL, часом очікування на дію з прив’язування LDAP, " +"розширеної операції зі зміни пароля та дії StartTLS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1287 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "ldap_connection_expire_timeout (ціле значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1290 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" +"Визначає час очікування (у секундах), протягом якого підтримуватиметься " +"з’єднання з сервером LDAP. По завершенню цього часу буде зроблено спробу " +"повторно встановити з’єднання. У разі використання паралельно до SASL/GSSAPI " +"буде використано перше за часом значення (це значення або значення строку " +"дії TGT)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367 +msgid "Default: 900 (15 minutes)" +msgstr "Типове значення: 900 (15 хвилин)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1304 +msgid "ldap_page_size (integer)" +msgstr "ldap_page_size (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1307 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" +"Визначити кількість записів, які слід отримати з LDAP у відповідь на один " +"запит. На деяких серверах LDAP визначено обмеження максимальної кількості на " +"один запит." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1312 +msgid "Default: 1000" +msgstr "Типове значення: 1000" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1318 +msgid "ldap_disable_paging (boolean)" +msgstr "ldap_disable_paging (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1321 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" +"Вимикає контроль сторінок LDAP. Цим параметром слід скористатися, якщо " +"сервер LDAP повідомляє про підтримку контролю сторінок LDAP у своєму " +"RootDSE, але цю підтримку не увімкнено або вона не працює належним чином." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1327 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" +"Приклад: сервери OpenLDAP з модулем контролю сторінок, встановленим на " +"сервері, але не увімкненим, повідомляють про підтримку у RootDSE, але цією " +"підтримкою не можна скористатися." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1333 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" +"Приклад: 389 DS має ваду, пов’язану з тим, що здатен підтримувати лише один " +"процес контролю сторінок для одного з’єднання. У разі значного навантаження " +"це може призвести до відмови у виконанні запитів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1345 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "ldap_disable_range_retrieval (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1348 +msgid "Disable Active Directory range retrieval." +msgstr "Вимкнути отримання діапазону Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1351 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" +"У Active Directory за допомогою правила MaxValRange (типове значення 1500 " +"записів) обмежується кількість записів, які може бути отримано під час " +"пошуку. Якщо у певній групі міститься більше записів учасників, до відповіді " +"буде включено специфічне для AD розширення діапазону. За допомогою цього " +"параметра можна вимкнути обробку розширення діапазону, отже великі групи " +"буде представлено як такі, у яких немає учасників." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1366 +msgid "ldap_sasl_minssf (integer)" +msgstr "ldap_sasl_minssf (ціле значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1369 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" +"Під час обміну даними з сервером LDAP за допомогою SASL визначає мінімальний " +"рівень захисту, потрібний для встановлення з’єднання. Значення цього " +"параметра визначається OpenLDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1375 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" +"Типове значення: типове для системи значення (зазвичай, визначається у ldap." +"conf)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1382 +msgid "ldap_deref_threshold (integer)" +msgstr "ldap_deref_threshold (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" +"Вказує кількість учасників групи, записів яких має не вистачати у " +"зовнішньому кеші для запуску загального пошуку з розіменуванням. Якщо " +"пропущених записів буде менше за вказану кількість, пошук для них " +"виконуватиметься окремо." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1391 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" +"Ви можете повністю вимкнути пошуки з отриманням значення об’єкта " +"(розіменуванням), якщо вкажете значення 0." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1395 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" +"Пошук з розіменуванням — це отримання всіх записів учасників групи за одним " +"викликом LDAP. У різних серверах LDAP може бути передбачено різні способи " +"розіменування. У поточній версії передбачено підтримку серверів 389/RHDS, " +"OpenLDAP та Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1403 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" +"<emphasis>Зауваження:</emphasis> якщо у одній з основ пошуку визначається " +"фільтр пошуку, покращення швидкодії фільтрів розіменування буде вимкнено, " +"незалежно від використання цього параметра." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1416 +msgid "ldap_tls_reqcert (string)" +msgstr "ldap_tls_reqcert (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1419 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" +"Визначає перелік перевірок, які слід виконати для сертифікатів серверів у " +"сеансі TLS, якщо такі перевірки слід виконувати. Може бути визначено одне з " +"таких значень:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1425 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" +"<emphasis>never</emphasis> = клієнт не надсилатиме запиту і не перевірятиме " +"жодних сертифікатів сервера." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1429 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" +"<emphasis>allow</emphasis> = надіслати запит щодо сертифіката сервера. Якщо " +"сертифікат не буде надано, продовжити сеанс у звичайному режимі. Якщо буде " +"надано помилковий сертифікат, ігнорувати і продовжити сеанс у звичайному " +"режимі." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1436 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" +"<emphasis>try</emphasis> = надіслати запит щодо сертифіката сервера. Якщо " +"сертифікат не буде надано, продовжити сеанс у звичайному режимі. Якщо буде " +"надано помилковий сертифікат, негайно перервати сеанс." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1442 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" +"<emphasis>demand</emphasis> = надіслати запит щодо сертифіката сервера. Якщо " +"сертифікат не буде надано або буде надано помилковий сертифікат, негайно " +"перервати сеанс." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1448 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "<emphasis>hard</emphasis> = те саме, що і <quote>demand</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1452 +msgid "Default: hard" +msgstr "Типове значення: hard" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1458 +msgid "ldap_tls_cacert (string)" +msgstr "ldap_tls_cacert (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1461 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" +"Визначає файл, який містить сертифікати для всіх служб сертифікації, які " +"розпізнаються <command>sssd</command>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" +"Типове значення: використовувати типові параметри OpenLDAP, що зберігаються " +"у <filename>/etc/openldap/ldap.conf</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1473 +msgid "ldap_tls_cacertdir (string)" +msgstr "ldap_tls_cacertdir (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1476 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" +"Визначає шлях до каталогу, де у окремих файлах містяться сертифікати служб " +"сертифікації (CA). Типовими назвами файлів є хеші сертифікатів з додаванням " +"«.0». Для створення відповідних назв можна скористатися " +"<command>cacertdir_rehash</command>, якщо ця програма є доступною." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1491 +msgid "ldap_tls_cert (string)" +msgstr "ldap_tls_cert (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "Визначає файл, який містить сертифікат для ключа клієнта." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1504 +msgid "ldap_tls_key (string)" +msgstr "ldap_tls_key (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "Specifies the file that contains the client's key." +msgstr "Визначає файл, у якому міститься ключ клієнта." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1516 +msgid "ldap_tls_cipher_suite (string)" +msgstr "ldap_tls_cipher_suite (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1519 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" +"Визначає прийнятні комплекти програм для шифрування. Записи у типовому " +"списку слід відокремлювати комами. З форматом можна ознайомитися на сторінці " +"довідника до <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1532 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "ldap_id_use_start_tls (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1535 +msgid "" +"Specifies that the id_provider connection must also use <systemitem class=" +"\"protocol\">tls</systemitem> to protect the channel." +msgstr "" +"Визначає, що з’єднання id_provider має також використовувати <systemitem " +"class=\"protocol\">tls</systemitem> для захисту каналу." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1545 +msgid "ldap_id_mapping (boolean)" +msgstr "ldap_id_mapping (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1548 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" +"Визначає, що SSSD має намагатися встановити відповідність ідентифікаторів " +"користувача і групи на основі атрибутів ldap_user_objectsid та " +"ldap_group_objectsid, замість атрибутів ldap_user_uid_number та " +"ldap_group_gid_number." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" +"У поточній версії у цій можливості передбачено підтримку лише встановлення " +"відповідності objectSID у ActiveDirectory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1564 +msgid "ldap_min_id, ldap_max_id (interger)" +msgstr "ldap_min_id, ldap_max_id (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1567 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" +"На відміну від прив’язування ідентифікаторів на основі SID, яке " +"використовується, якщо параметр ldap_id_mapping має значення true, діапазон " +"дозволених ідентифікаторів для ldap_user_uid_number і ldap_group_gid_number " +"є необмеженим. У конфігураціях з піддоменами та довіреними доменами це може " +"призвести до конфліктів ідентифікаторів. Щоб уникнути конфліктів, можна " +"встановити значення ldap_min_id і ldap_max_id для обмеження дозволеного " +"діапазону ідентифікаторів, які буде прочитано безпосередньо з сервера. Після " +"цього піддомени можуть вибирати інші діапазони для прив’язування " +"ідентифікаторів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1579 +msgid "Default: not set (both options are set to 0)" +msgstr "" +"Типове значення: не встановлено (обидва параметри встановлено у значення 0)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1585 +msgid "ldap_sasl_mech (string)" +msgstr "ldap_sasl_mech (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1588 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI is tested and " +"supported." +msgstr "" +"Визначає механізм SASL, який слід використовувати. У поточній версії " +"перевірено і підтримується лише механізм GSSAPI." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1598 +msgid "ldap_sasl_authid (string)" +msgstr "ldap_sasl_authid (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1601 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI is used, this " +"represents the Kerberos principal used for authentication to the directory. " +"This option can either contain the full principal (for example host/" +"myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." +msgstr "" +"Визначає ідентифікатор уповноваження SASL, який слід використовувати. Якщо " +"використано GSSAPI, відповідає реєстраційному запису Kerberos, який " +"використовується для розпізнавання під час доступу до каталогу. У цьому " +"параметрів можуть зберігатися або реєстраційні дані повністю (наприклад host/" +"myhost@EXAMPLE.COM) або лише назва реєстраційного запису (наприклад host/" +"myhost)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1609 +msgid "Default: host/hostname@REALM" +msgstr "Типове значення: вузол/назва_вузла@ОБЛАСТЬ" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1615 +msgid "ldap_sasl_realm (string)" +msgstr "ldap_sasl_realm (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" +"Визначає область SASL, яку слід використовувати. Якщо не вказано значення, " +"типовим значенням цього параметра є значення krb5_realm. Якщо " +"ldap_sasl_authid також містить запис області, цей параметр буде " +"проігноровано." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1624 +msgid "Default: the value of krb5_realm." +msgstr "Типове значення: значення krb5_realm." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1630 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "ldap_sasl_canonicalize (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1633 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" +"Якщо встановлено значення true (1), бібліотека LDAP виконувати зворотній " +"пошук з метою переведення назв вузлів у канонічну форму під час прив’язки до " +"SASL." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1638 +msgid "Default: false;" +msgstr "Типове значення: false;" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1644 +msgid "ldap_krb5_keytab (string)" +msgstr "ldap_krb5_keytab (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "Specify the keytab to use when using SASL/GSSAPI." +msgstr "Визначає таблицю ключів, яку слід використовувати разом з SASL/GSSAPI." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" +"Типове значення: системна таблиця ключів, зазвичай <filename>/etc/krb5." +"keytab</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "ldap_krb5_init_creds (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI." +msgstr "" +"Визначає, що id_provider має ініціалізувати реєстраційні дані Kerberos " +"(TGT). Цю дію буде виконано, лише якщо використовується SASL і вибрано " +"механізм GSSAPI." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1671 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "ldap_krb5_ticket_lifetime (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1674 +msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." +msgstr "Визначає строк дії (у секундах) TGT, якщо використовується GSSAPI." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:849 +msgid "Default: 86400 (24 hours)" +msgstr "Типове значення: 86400 (24 години)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "krb5_server, krb5_backup_server (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" +"Визначає список IP-адрес або назв вузлів, відокремлених комами, серверів " +"Kerberos, з якими SSSD має встановлювати з’єднання. Список має бути " +"впорядковано за пріоритетом. Докладніше про резервування та додаткові " +"сервери можна дізнатися з розділу «РЕЗЕРВ». До адрес або назв вузлів може " +"бути додано номер порту (перед номером слід вписати двокрапку). Якщо " +"параметр матиме порожнє значення, буде увімкнено виявлення служб. Докладніше " +"про виявлення служб можна дізнатися з розділу «ПОШУК СЛУЖБ»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" +"Під час використання виявлення служб для серверів KDC або kpasswd SSSD " +"спочатку намагається знайти записи DNS, у яких визначається протокол _udp. " +"Використання протоколу _tcp відбувається, лише якщо таких записів не " +"вдасться знайти." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" +"У попередніх випусках SSSD цей параметр мав назву «krb5_kdcip». У поточній " +"версії передбачено розпізнавання цієї застарілої назви, але користувачам " +"варто перейти на використання «krb5_server» у файлах налаштувань." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "krb5_realm (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." +msgstr "Вказати область Kerberos (для розпізнавання за SASL/GSSAPI)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1719 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" +"Типове значення: типове значення системи, див. <filename>/etc/krb5.conf</" +"filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462 +msgid "krb5_canonicalize (boolean)" +msgstr "krb5_canonicalize (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" +"Визначає, чи слід перетворювати реєстраційний запис вузла у канонічну форму " +"під час встановлення з’єднання з сервером LDAP. Цю можливість передбачено з " +"версії MIT Kerberos >= 1.7" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "krb5_use_kdcinfo (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" +"Визначає, чи слід SSSD вказувати бібліотекам Kerberos, яку область і які " +"значення KDC слід використовувати. Типово, дію параметра увімкнено. Якщо ви " +"вимкнете його, вам слід налаштувати бібліотеку Kerberos за допомогою файла " +"налаштувань <citerefentry> <refentrytitle>krb5.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" +"Див. сторінку підручника (man) <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, щоб дізнатися більше про додаток пошуку." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1768 +msgid "ldap_pwd_policy (string)" +msgstr "ldap_pwd_policy (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" +"Визначає правил оцінки строку дії пароля на боці клієнта. Можна " +"використовувати такі значення:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" +"<emphasis>none</emphasis> — не використовувати перевірки на боці клієнта. У " +"разі використання цього варіанта перевірку на боці сервера вимкнено не буде." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1781 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired." +msgstr "" +"<emphasis>shadow</emphasis> — використовувати атрибути у стилі " +"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> для визначення того, чи чинним є пароль." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1787 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" +"<emphasis>mit_kerberos</emphasis> — використовувати атрибути MIT Kerberos " +"для визначення завершення строку дії пароля. У разі зміни пароля " +"скористайтеся chpass_provider=krb5 для оновлення цих атрибутів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1796 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" +"<emphasis>Зауваження</emphasis>: якщо правила поводження з паролями " +"налаштовано на боці сервера, ці правила мають пріоритет над правилами, " +"встановленими за допомогою цього параметра." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1804 +msgid "ldap_referrals (boolean)" +msgstr "ldap_referrals (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1807 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" +"Визначає, чи має бути увімкнено автоматичне визначення напрямків пошуку." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1811 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" +"Зауважте, що sssd підтримує визначення напрямків, лише якщо систему зібрано " +"з версією OpenLDAP 2.4.13 або новішою версією." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1816 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement." +msgstr "" +"Перехід за спрямуваннями може призвести до значних втрат швидкодії у " +"середовищах, де такі спрямування використовуються широко. Прикладом такого " +"середовища може бути Microsoft Active Directory. Якщо у вашому середовищі " +"спрямування не є обов’язковими, встановлення для цього параметра значення " +"«false» може значно пришвидшити роботу." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1830 +msgid "ldap_dns_service_name (string)" +msgstr "ldap_dns_service_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1833 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" +"Визначає назву служби, яку буде використано у разі вмикання визначення служб." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 +msgid "Default: ldap" +msgstr "Типове значення: ldap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1843 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "ldap_chpass_dns_service_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1846 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" +"Визначає назву служби, яку буде використано для пошуку сервера LDAP, який " +"уможливлює зміну паролів, у разі вмикання визначення служб." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1851 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "Типове значення: не встановлено, тобто пошук служб вимкнено" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1857 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "ldap_chpass_update_last_change (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" +"Визначає, чи слід оновлювати атрибут ldap_user_shadow_last_change даними " +"щодо кількості днів з часу виконання дії зі зміни пароля." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1872 +msgid "ldap_access_filter (string)" +msgstr "ldap_access_filter (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1875 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" +"Якщо використовується access_provider = ldap та ldap_access_order = filter " +"(типова поведінка), цей параметр є обов’язковим. Він вказує критерії " +"фільтрування LDAP, яким має задовольняти запис користувача для надання " +"доступу до цього вузла. Якщо визначено access_provider = ldap та " +"ldap_access_order = filter, а цей параметр не встановлено, доступ буде " +"заборонено всім користувачам. Щоб змінити таку типову поведінку системи, " +"скористайтеся параметром access_provider = permit. Будь ласка, зауважте, що " +"цей фільтр застосовуватиметься лише до запису користувача LDAP, отже " +"фільтрування, засноване на вкладених групах може не працювати (наприклад, " +"атрибут memberOf для записів AD вказує лише на безпосередні батьківські " +"записи). Якщо вам потрібне фільтрування, засноване на вкладених групах, будь " +"ласка, скористайтеся параметром <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Example:" +msgstr "Приклад:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1898 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1902 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" +"У прикладі доступ до цього вузла обмежено користувачами, чий атрибут " +"employeeType встановлено у значення «admin»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice-versa." +msgstr "" +"Автономне кешування для цієї можливості обмежено визначенням того, чи було " +"надано користувачеві під час попередньої спроби увійти до системи з мережі " +"права доступу. Якщо під час останньої спроби увійти такі права було надано, " +"система продовжуватиме надавати права доступу у автономному режимі. Якщо ж " +"таких прав не було надано, у автономному режимі їх також не буде надано." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972 +msgid "Default: Empty" +msgstr "Типове значення: порожній рядок" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_account_expire_policy (string)" +msgstr "ldap_account_expire_policy (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1924 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" +"За допомогою цього параметра може бути увімкнено визначення атрибутів " +"керування доступом на боці клієнта." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1928 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" +"Будь ласка, зауважте, що завжди варто використовувати керування доступом на " +"боці сервера, тобто сервер LDAP має відмовляти у запитах щодо прив’язування " +"з відповідним кодом помилки, навіть якщо вказано правильний пароль." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1935 +msgid "The following values are allowed:" +msgstr "Можна використовувати такі значення:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" +"<emphasis>shadow</emphasis>: це значення ldap_user_shadow_expire допомагає " +"визначити, чи завершено строк дії облікового запису." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1943 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" +"<emphasis>ad</emphasis>: скористатися значенням 32-бітового поля " +"ldap_user_ad_user_account_control і дозволити доступ, якщо другий біт має " +"нульове значення. Якщо атрибут не буде знайдено, доступ буде дозволено. " +"Також буде перевірено, чи не вичерпано строк дії облікового запису." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1950 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: використовувати для перевірки доступу значення " +"ldap_ns_account_lock." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1956 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" +"<emphasis>nds</emphasis>: для перевірки доступу використовувати значення " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled і " +"ldap_user_nds_login_expiration_time. Якщо не буде виявлено жодного з цих " +"атрибутів, надати доступ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1965 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" +"Будь ласка, зауважте, що параметр налаштування ldap_access_order " +"<emphasis>має</emphasis> включати <quote>expire</quote>, щоб можна було " +"користуватися параметром ldap_account_expire_policy." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1978 +msgid "ldap_access_order (string)" +msgstr "ldap_access_order (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1981 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" +"Список відокремлених комами параметрів керування доступом. Можливі значення " +"списку:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1985 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "<emphasis>filter</emphasis>: використовувати ldap_access_filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1988 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" +"<emphasis>lockout</emphasis>: використовувати блокування облікових записів. " +"Якщо встановлено, цей параметр забороняє доступ, якщо існує атрибут ldap " +"«pwdAccountLockedTime» і його значенням є «000001010000Z». Будь ласка, " +"ознайомтеся із документацією до параметра ldap_pwdlockout_dn. Зауважте, що " +"для працездатності цієї можливості слід встановити «access_provider = ldap»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1998 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" +"<emphasis> Будь ласка, зауважте, що цей параметр має нижчий пріоритет за " +"параметр «ppolicy», його може бути вилучено у наступних випусках. </" +"emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2005 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" +"<emphasis>ppolicy</emphasis>: використовувати блокування облікових записів. " +"Якщо встановлено, забороняє доступ у випадку наявності атрибута ldap " +"«pwdAccountLockedTime» рівного «000001010000Z» або такого, що відповідає " +"моменту часу у минулому. Значення атрибута «pwdAccountLockedTime» має " +"завершуватися на «Z», що позначає часовий пояс UTC. Підтримки інших часових " +"поясів у поточній версії не передбачено, їхнє використання призводитиме до " +"появи повідомлення про заборону доступу, коли користувачі намагатимуться " +"увійти до системи. Докладніший опис можна знайти у розділі щодо параметра " +"ldap_pwdlockout_dn. Будь ласка, зауважте, що для працездатності цього " +"параметра слід встановити значення «access_provider = ldap»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2022 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" +"<emphasis>expire</emphasis>: використовувати ldap_account_expire_policy" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2026 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> Ці параметри корисні, якщо користувачам " +"потрібні попередження щодо скорого завершення строку дії пароля, і у " +"випадках, коли розпізнавання засновано на відмінних від паролів методах, " +"наприклад на ключах SSH." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2036 +msgid "" +"The difference between these options is the action taken if user password is " +"expired: pwd_expire_policy_reject - user is denied to log in, " +"pwd_expire_policy_warn - user is still able to log in, " +"pwd_expire_policy_renew - user is prompted to change his password " +"immediately." +msgstr "" +"Відмінність між цими параметрами полягає у дії, яку буде виконано, якщо " +"строк дії пароля вичерпано: pwd_expire_policy_reject — користувачеві буде " +"заборонено вхід до системи, pwd_expire_policy_warn — користувач ще зможе " +"увійти до системи, pwd_expire_policy_renew — система попросить користувача " +"негайно змінити пароль." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2044 +msgid "" +"Note If user password is expired no explicit message is prompted by SSSD." +msgstr "" +"Зауважте, що якщо строк дії пароля вичерпано, запит із явним повідомленням " +"від SSSD не надходитиме." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2048 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" +"Будь ласка, зауважте, що для того, щоб цим можна було скористатися, слід " +"встановити «access_provider = ldap». Крім того, слід встановити для " +"параметра «ldap_pwd_policy» відповідні правила поводження із паролями." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2053 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" +"<emphasis>authorized_service</emphasis>: використовувати для визначення " +"можливості доступу атрибут authorizedService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2058 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" +"<emphasis>host</emphasis>: за допомогою цього атрибута вузла можна визначити " +"права доступу" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2062 +msgid "Default: filter" +msgstr "Типове значення: filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2065 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" +"Зауважте, що програма повідомить про помилку, якщо одне значення було " +"використано декілька разів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2072 +msgid "ldap_pwdlockout_dn (string)" +msgstr "ldap_pwdlockout_dn (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2075 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" +"За допомогою цього параметра визначається DN запису правил поводження із " +"паролями на сервері LDAP. Будь ласка, зауважте, що те, що цього параметра не " +"буде у sssd.conf, у випадку увімкненого блокування облікових записів " +"призведе до заборони доступу, оскільки атрибути ppolicy на сервері LDAP не " +"можна буде перевірити належним чином." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2083 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "Приклад: cn=ppolicy,ou=policies,dc=example,dc=com" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2086 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "Типове значення: cn=ppolicy,ou=policies,$ldap_search_base" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2092 +msgid "ldap_deref (string)" +msgstr "ldap_deref (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2095 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" +"Визначає спосіб виконання розіменовування псевдонімів під час виконання " +"пошуку. Можливі такі варіанти:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2100 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" +"<emphasis>never</emphasis>: ніколи не виконувати розіменування псевдонімів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2104 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" +"<emphasis>searching</emphasis>: розіменування псевдонімів відбувається у " +"межах основного об’єкта, а не на основі визначення місця основного об’єкта " +"пошуку." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2109 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" +"<emphasis>finding</emphasis>: розіменування псевдонімів відбувається лише " +"під час визначення місця основного об’єкта пошуку." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2114 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" +"<emphasis>always</emphasis>: розіменування псевдонімів відбувається як під " +"час пошуку, так і під час визначення місця основного об’єкта пошуку." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2119 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" +"Типове значення: не встановлено (обробка бібліотеками LDAP клієнта за " +"сценарієм <emphasis>never</emphasis>)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2127 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "ldap_rfc2307_fallback_to_local_users (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2130 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" +"Надає змогу зберігати локальних користувачів як учасників групи LDAP для " +"серверів, у яких використовується схема RFC2307." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2134 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" +"У деяких середовищах, де використовується схема RFC2307, локальних " +"користувачів можна зробити учасниками груп LDAP додаванням імен цих " +"користувачів до атрибута memberUid. Узгодженість домену може бути " +"скомпрометовано, якщо буде виконано подібне додавання учасника, тому SSSD за " +"звичайних умов вилучає записи користувачів, яких «не вистачає», з кешованих " +"даних щодо участі у групах, щойно nsswitch спробує отримати дані щодо " +"користувачів за допомогою виклику getpw*() або initgroups()." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2145 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" +"У разі використання цього параметра програма повертається до перевірки " +"посилань на локальних користувачів і кешує їх так, що наступні виклики " +"initgroups() розширюватимуть список локальних користувачів додатковими " +"групами LDAP." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136 +#, fuzzy +#| msgid "ldap_opt_timeout (integer)" +msgid "wildcart_limit (integer)" +msgstr "ldap_opt_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2160 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2164 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2168 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:51 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" +"Всі загальні параметри налаштування, які стосуються доменів SSSD, також " +"стосуються і доменів LDAP. Зверніться до розділу «РОЗДІЛИ ДОМЕНІВ» сторінки " +"підручника <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, щоб дізнатися більше. " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2178 +msgid "SUDO OPTIONS" +msgstr "ПАРАМЕТРИ SUDO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2180 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Докладні настанов щодо налаштовування sudo_provider можна знайти на сторінці " +"довідника (man) <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2191 +msgid "ldap_sudorule_object_class (string)" +msgstr "ldap_sudorule_object_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2194 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "Клас об’єктів запису правила sudo у LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2197 +msgid "Default: sudoRole" +msgstr "Типове значення: sudoRole" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2203 +msgid "ldap_sudorule_name (string)" +msgstr "ldap_sudorule_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2206 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "Атрибут LDAP, що відповідає назві правила sudo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2216 +msgid "ldap_sudorule_command (string)" +msgstr "ldap_sudorule_command (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2219 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "Атрибут LDAP, що відповідає назві команди." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2223 +msgid "Default: sudoCommand" +msgstr "Типове значення: sudoCommand" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2229 +msgid "ldap_sudorule_host (string)" +msgstr "ldap_sudorule_host (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2232 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" +"Атрибут LDAP, який відповідає назві вузла (або IP-адресі вузла, IP-мережі " +"вузла, мережевій групі вузла)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2237 +msgid "Default: sudoHost" +msgstr "Типове значення: sudoHost" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2243 +msgid "ldap_sudorule_user (string)" +msgstr "ldap_sudorule_user (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2246 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" +"Атрибут LDAP, що відповідає назві імені користувача (або UID, назві групи " +"або назві мережевої групи користувача)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2250 +msgid "Default: sudoUser" +msgstr "Типове значення: sudoUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2256 +msgid "ldap_sudorule_option (string)" +msgstr "ldap_sudorule_option (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2259 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "Атрибут LDAP, що відповідає параметрам sudo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2263 +msgid "Default: sudoOption" +msgstr "Типове значення: sudoOption" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2269 +msgid "ldap_sudorule_runasuser (string)" +msgstr "ldap_sudorule_runasuser (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2272 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" +"Атрибут LDAP, що відповідає користувачеві, від імені якого можна виконувати " +"команди." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2276 +msgid "Default: sudoRunAsUser" +msgstr "Типове значення: sudoRunAsUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2282 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "ldap_sudorule_runasgroup (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2285 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" +"Атрибут LDAP, що відповідає назві групи або GID, від імені якої можна " +"виконувати команди." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2289 +msgid "Default: sudoRunAsGroup" +msgstr "Типове значення: sudoRunAsGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2295 +msgid "ldap_sudorule_notbefore (string)" +msgstr "ldap_sudorule_notbefore (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2298 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" +"Атрибут LDAP, що відповідає даті і часу набуття чинності правилом sudo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2302 +msgid "Default: sudoNotBefore" +msgstr "Типове значення: sudoNotBefore" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2308 +msgid "ldap_sudorule_notafter (string)" +msgstr "ldap_sudorule_notafter (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2311 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "Атрибут LDAP, що відповідає даті і часу втрати чинності правилом sudo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2316 +msgid "Default: sudoNotAfter" +msgstr "Типове значення: sudoNotAfter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2322 +msgid "ldap_sudorule_order (string)" +msgstr "ldap_sudorule_order (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2325 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "Атрибут LDAP, що відповідає порядковому номеру правила." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2329 +msgid "Default: sudoOrder" +msgstr "Типове значення: sudoOrder" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2335 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "ldap_sudo_full_refresh_interval (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2338 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" +"Проміжок часу у секундах між послідовними повними оновленнями правил sudo " +"SSSD у автоматичному режимі. Під час таких оновлень буде отримано повний " +"набір правил, що зберігаються на сервері." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2343 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" +"Це значення має перевищувати значення " +"<emphasis>ldap_sudo_smart_refresh_interval </emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2348 +msgid "Default: 21600 (6 hours)" +msgstr "Типове значення: 21600 (6 годин)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2354 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "ldap_sudo_smart_refresh_interval (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2357 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest USN " +"of cached rules)." +msgstr "" +"Проміжок часу у секундах між послідовними кмітливими оновленнями правил sudo " +"SSSD у автоматичному режимі. Під час таких оновлень буде отримано всі дані " +"правил, USN яких перевищує найбільше значення USN у кешованих правилах." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2363 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" +"Якщо підтримки атрибутів USN на сервері не передбачено, буде використано " +"дані атрибута modifyTimestamp." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2373 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "ldap_sudo_use_host_filter (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2376 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" +"Якщо визначено значення true, SSSD отримуватиме лише правила, що стосуються " +"цього комп’ютера (на основі адрес вузла або мережі у форматах IPv4 і IPv6 та " +"назв вузлів)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2387 +msgid "ldap_sudo_hostnames (string)" +msgstr "ldap_sudo_hostnames (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2390 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" +"Список назв вузлів або повних доменних назв, відокремлених пробілами, для " +"фільтрування списку правил." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2395 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" +"Якщо значення цього параметра є порожнім, SSSD намагатиметься визначити " +"назву вузла та повну назву комп’ютера у домені у автоматичному режимі." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441 +#: sssd-ldap.5.xml:2459 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" +"Якщо для <emphasis>ldap_sudo_use_host_filter</emphasis> встановлено значення " +"<emphasis>false</emphasis>, цей параметр ні на що не впливатиме." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428 +msgid "Default: not specified" +msgstr "Типове значення: не вказано" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2411 +msgid "ldap_sudo_ip (string)" +msgstr "ldap_sudo_ip (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2414 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" +"Список адрес вузлів або мереж у форматах IPv4 і IPv6 для фільтрування списку " +"правил." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2419 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" +"Якщо значення цього параметра є порожнім, SSSD намагатиметься визначити " +"адресу у автоматичному режимі." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2434 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "ldap_sudo_include_netgroups (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2437 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" +"Якщо вказано значення true, SSSD отримуватиме всі правила, що містять " +"мережеву групу (netgroup) у атрибуті sudoHost." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2452 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "ldap_sudo_include_regexp (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2455 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" +"Якщо вказано значення true, SSSD отримуватиме всі правила, що містять шаблон " +"заміни у атрибуті sudoHost." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2471 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" +"На цій сторінці довідника наведено дані щодо відповідності назв атрибутів. " +"Докладний опис семантики атрибутів, пов’язаних з sudo, можна знайти у " +"довідці з <citerefentry> <refentrytitle>sudoers.ldap</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2481 +msgid "AUTOFS OPTIONS" +msgstr "ПАРАМЕТРИ AUTOFS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2483 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2489 +msgid "ldap_autofs_map_master_name (string)" +msgstr "ldap_autofs_map_master_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2492 +msgid "The name of the automount master map in LDAP." +msgstr "Назва основної карти автоматичного монтування у LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2495 +msgid "Default: auto.master" +msgstr "Типове значення: auto.master" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2502 +msgid "ldap_autofs_map_object_class (string)" +msgstr "ldap_autofs_map_object_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2505 +msgid "The object class of an automount map entry in LDAP." +msgstr "Клас об’єктів запису карти автоматичного монтування у LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2508 +msgid "Default: automountMap" +msgstr "Типове значення: automountMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2515 +msgid "ldap_autofs_map_name (string)" +msgstr "ldap_autofs_map_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2518 +msgid "The name of an automount map entry in LDAP." +msgstr "Назва запису карти автоматичного монтування у LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2521 +#, fuzzy +#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)" +msgstr "Типове значення: memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2529 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "ldap_autofs_entry_object_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2532 +#, fuzzy +#| msgid "" +#| "The key of an automount entry in LDAP. The entry usually corresponds to a " +#| "mount point." +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" +"Ключ запису автоматичного монтування LDAP. Цей запис зазвичай відповідає " +"точні монтування." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2537 +#, fuzzy +#| msgid "Default: automountMap" +msgid "Default: automount" +msgstr "Типове значення: automountMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2544 +msgid "ldap_autofs_entry_key (string)" +msgstr "ldap_autofs_entry_key (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" +"Ключ запису автоматичного монтування LDAP. Цей запис зазвичай відповідає " +"точні монтування." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2551 +#, fuzzy +#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)" +msgstr "Типове значення: memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2559 +msgid "ldap_autofs_entry_value (string)" +msgstr "ldap_autofs_entry_value (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2566 +msgid "Default: automountInformation" +msgstr "Типове значення: automountInformation" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2487 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +msgstr "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2576 +msgid "ADVANCED OPTIONS" +msgstr "ДОДАТКОВІ ПАРАМЕТРИ" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2583 +msgid "ldap_netgroup_search_base (string)" +msgstr "ldap_netgroup_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2588 +msgid "ldap_user_search_base (string)" +msgstr "ldap_user_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2593 +msgid "ldap_group_search_base (string)" +msgstr "ldap_group_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:2598 +msgid "<note>" +msgstr "<note>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:2600 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no gid mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" +"Якщо увімкнено параметр «ldap_use_tokengroup», пошук у Active Directory не " +"буде обмежуватися і повертатиме усі дані щодо участі у групах, навіть без " +"прив’язки до gid. Рекомендуємо вимкнути цю можливість, якщо назви груп " +"показуються неправильно." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:2607 +msgid "</note>" +msgstr "</note>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2609 +msgid "ldap_sudo_search_base (string)" +msgstr "ldap_sudo_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2614 +msgid "ldap_autofs_search_base (string)" +msgstr "ldap_autofs_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2578 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/>" +msgstr "" +"Підтримку цих параметрів передбачено доменами LDAP, але користуватися ними " +"слід обережно. Будь ласка, використовуйте їх у налаштуваннях, лише якщо вам " +"відомі наслідки ваших дій. <placeholder type=\"variablelist\" id=\"0\"/> " +"<placeholder type=\"variablelist\" id=\"1\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2631 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" +"У наведеному нижче прикладі припускається, що SSSD налаштовано належним " +"чином, а LDAP встановлено на один з доменів з розділу " +"<replaceable>[domains]</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2637 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:725 sssd-ad.5.xml:963 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 +#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2648 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "ПРИКЛАД ФІЛЬТРА ДОСТУПУ LDAP" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2650 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" +"У наведеному нижче прикладі припускається, що SSSD налаштовано належним " +"чином і використано ldap_access_order=lockout." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2655 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-simple.5.xml:148 sssd-ad.5.xml:978 sssd.8.xml:195 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "ЗАУВАЖЕННЯ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2672 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" +"Описи деяких з параметрів налаштування на цій сторінці підручника засновано " +"на даних сторінки підручника (man) <citerefentry> <refentrytitle>ldap.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> з пакунка OpenLDAP " +"2.4." + +#. type: Content of: <refentryinfo> +#: pam_sss.8.xml:8 include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - http://" +"fedorahosted.org/sssd</orgname>" +msgstr "" +"<productname>SSSD</productname> <orgname>Основна гілка розробки SSSD — " +"http://fedorahosted.org/sssd</orgname>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:13 pam_sss.8.xml:18 +msgid "pam_sss" +msgstr "pam_sss" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:19 +msgid "PAM module for SSSD" +msgstr "модуль PAM для SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:24 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>" +msgstr "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:54 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" +"<command>pam_sss.so</command> — інтерфейс PAM до System Security Services " +"daemon (SSSD). Помилки та результати роботи записуються за допомогою " +"<command>syslog(3)</command> до запису LOG_AUTHPRIV." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:64 +msgid "<option>quiet</option>" +msgstr "<option>quiet</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:67 +msgid "Suppress log messages for unknown users." +msgstr "Не показувати у журналі повідомлень для невідомих користувачів." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:72 +msgid "<option>forward_pass</option>" +msgstr "<option>forward_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:75 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" +"Якщо встановлено значення <option>forward_pass</option>, введений пароль " +"буде збережено у стосі паролів для використання іншими модулями PAM." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>use_first_pass</option>" +msgstr "<option>use_first_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" +"Використання аргументу use_first_pass примушує модуль до використання пароля " +"з модулів попереднього рівня. Ніяких запитів до користувача не " +"надсилатиметься, — якщо пароль не буде виявлено або пароль виявиться " +"непридатним, доступ користувачеві буде заборонено." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:93 +msgid "<option>use_authtok</option>" +msgstr "<option>use_authtok</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:96 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" +"Визначає ситуацію, коли зміна пароля примушує модуль встановлювати новий " +"пароль на основі пароля, наданого попереднім модулем обробки паролів зі " +"стосу модулів." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>retry=N</option>" +msgstr "<option>retry=N</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" +"Якщо вказано, користувача запитуватимуть про пароль ще N разів, якщо перший " +"раз розпізнавання зазнає невдачі. Типовим значенням є 0." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:108 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" +"Будь ласка, зауважте, що цей параметр може працювати не так, як очікується, " +"якщо програма, яка викликає PAM, має власний обробник діалогових вікон " +"взаємодії з користувачем. Типовим прикладом є <command>sshd</command> з " +"<option>PasswordAuthentication</option>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:117 +msgid "<option>ignore_unknown_user</option>" +msgstr "<option>ignore_unknown_user</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:120 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" +"Якщо вказано цей параметр і облікового запису не існує, модуль PAM поверне " +"PAM_IGNORE. Це призводить до ігнорування цього модуля оболонкою PAM." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "<option>ignore_authinfo_unavail</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:131 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" +"Визначає, що модуль PAM має повертати PAM_IGNORE, якщо не вдається " +"встановити зв’язок із фоновою службою SSSD. У результаті набір інструментів " +"PAM ігнорує цей модуль." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:138 +msgid "<option>domains</option>" +msgstr "<option>domains</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:142 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" +"Надає змогу адміністратору обмежити домен певною службою PAM, за допомогою " +"якої можна буде виконувати розпізнавання. Формат значення: список назв " +"доменів SSSD, відокремлених комами, так, як їх вказано у файлі sssd.conf." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:148 +msgid "" +"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> " +"and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" +"Зауваження: слід використовувати разом із параметрами «pam_trusted_users» і " +"«pam_public_domains». Будь ласка, ознайомтеся із сторінкою підручника " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, щоб дізнатися більше про ці два параметри " +"відповідача PAM." + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:164 +msgid "MODULE TYPES PROVIDED" +msgstr "ПЕРЕДБАЧЕНІ ТИПИ МОДУЛІВ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:165 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" +"Передбачено всі типи модулів (<option>account</option>, <option>auth</" +"option>, <option>password</option> і <option>session</option>)." + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:171 +msgid "FILES" +msgstr "ФАЙЛИ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:172 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" +"Якщо спроба скидання пароля від імені адміністративного користувача (root) " +"зазнає невдачі, оскільки у відповідному засобі обробки SSSD не передбачено " +"скидання паролів, може бути показано певне повідомлення. У цьому " +"повідомленні, наприклад, можуть міститися настанови щодо скидання пароля." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:177 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" +"Текст повідомлення буде прочитано з файла <filename>pam_sss_pw_reset_message." +"LOC</filename>, де «LOC» — рядок локалі у форматі, повернутому " +"<citerefentry> <refentrytitle>setlocale</refentrytitle><manvolnum>3</" +"manvolnum> </citerefentry>. Якщо відповідного файла знайдено не буде, буде " +"показано вміст файла <filename>pam_sss_pw_reset_message.txt</filename>. " +"Власником файлів має бути адміністративний користувач (root). Доступ до " +"запису файлів також повинен мати лише адміністративний користувач. Всім " +"іншим користувачам може бути надано лише право читання файлів." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:187 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" +"Пошук цих файлів виконуватиметься у каталозі <filename>/etc/sssd/customize/" +"НАЗВА_ДОМЕНУ/</filename>. Якщо відповідний файл не буде знайдено, буде " +"показано типове повідомлення." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "sssd_krb5_locator_plugin" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "Додаток локатора Kerberos" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " +"libraries what Realm and which KDC to use. Typically this is done in " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> which is always read by the Kerberos libraries. " +"To simplify the configuration the Realm and the KDC can be defined in " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> as described in <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" +"Додаток пошуку Kerberos <command>sssd_krb5_locator_plugin</command> " +"використовується засобом обробки Kerberos <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"для сповіщення бібліотек Kerberos яку область і KDC слід використовувати. " +"Типово, таке сповіщення виконується за допомогою <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>, файла, читання якого завжди виконується бібліотеками " +"Kerberos. Щоб спростити налаштування, область та KDC можна визначити у " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> у спосіб, описаний на сторінці довідки " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:48 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> puts the Realm and the name or IP address of the KDC into " +"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " +"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " +"libraries it reads and evaluates these variables and returns them to the " +"libraries." +msgstr "" +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> зберігає область і назву або IP-адресу KDC у змінних " +"середовища SSSD_KRB5_REALM і SSSD_KRB5_KDC, відповідно. Якщо програма " +"<command>sssd_krb5_locator_plugin</command> викликається бібліотеками " +"kerberos, ця програма читає і визначає ці змінні і повертає їхні значення " +"бібліотекам." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" +"Підтримку використання додатків передбачено не у всіх реалізаціях Kerberos. " +"Якщо у вашій системі немає <command>sssd_krb5_locator_plugin</command>, вам " +"слід внести зміни до /etc/krb5.conf, які відповідатимуть вашій версії " +"Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:69 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" +"Якщо встановлено будь-яке значення змінної середовища " +"SSSD_KRB5_LOCATOR_DEBUG, діагностичні повідомлення надсилатимуться до stderr." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "sssd-simple" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "файл налаштувань інструмента керування доступом «simple» SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" +"На цій сторінці довідника описано налаштування простого засобу керування " +"доступом для <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. Щоб дізнатися більше про синтаксис " +"налаштування, зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" +"Простий засіб керування доступом надає або забороняє доступ на основі списку " +"допуску або заборони, складеного за назвами облікових записів користувачів " +"та групами. Використовуються такі правила:" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "Якщо всі списки є порожніми, доступ буде надано." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" +"Якщо вказано будь-який зі списків, обробка виконуватиметься за послідовністю " +"«допуск, потім заборона» (allow,deny). Це означає, що будь-яке з правил " +"заборони матиме пріоритет над будь-яким правилом допуску." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" +"Якщо буде вказано один або обидва списки допуску («allow»), всім " +"користувачам поза цими списками доступ буде заборонено." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" +"Якщо буде вказано лише списки заборони («deny»), всі користувачам поза цими " +"списками доступ буде надано." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "simple_allow_users (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" +"Відокремлений комами список користувачів, яким дозволено вхід до системи." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "simple_deny_users (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" +"Список користувачів, яким явно заборонено доступ; записи відокремлюються " +"комами." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "simple_allow_groups (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" +"Відокремлений комами список груп, користувачам яких дозволено вхід до " +"системи. Стосується лише груп у межах цього домену SSSD. Локальні групи не " +"обробляються." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "simple_deny_groups (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" +"Відокремлений комами список груп, користувачам яких явно заборонено доступ. " +"Стосується лише груп у межах цього домену SSSD. Локальні групи не " +"обробляються." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Зверніться до розділу «РОЗДІЛИ ДОМЕНІВ» сторінки довідника (man) " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, щоб дізнатися більше про налаштування домену " +"SSSD. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" +"Якщо не вказувати значень для жодного зі списків, вважатиметься, що параметр " +"не визначено. Пам’ятайте про це, якщо захочете створити параметри для " +"простого надавача автоматизованими скриптами." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" +"Будь ласка, зауважте, що визначення обох параметрів, simple_allow_users і " +"simple_deny_users, є помилкою у налаштуванні." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" +"У наведеному нижче прикладі припускаємо, що SSSD налаштовано належним чином, " +"а example.com є одним з доменів у розділі <replaceable>[sssd]</replaceable>. " +"У прикладі продемонстровано лише параметри, специфічні для простого засобу " +"доступу." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" +"Повна обробка ієрархії участі у групах виконується до перевірки прав " +"доступу, отже, до списку груп доступу може бути включено навіть вкладені " +"групи. Будь ласка, зауважте, що на результати може вплинути значення " +"параметра «ldap_group_nesting_level». Вам слід встановити для нього достатнє " +"значення. Див. <citerefentry> <refentrytitle>sssd-ldap</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "sssd-ipa" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "Модуль надання даних IPA SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"На цій сторінці довідника описано налаштування засобу керування доступом IPA " +"для <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>. Щоб дізнатися більше про синтаксис налаштування, " +"зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" +"Інструмент надання даних IPA — модуль, який використовується для " +"встановлення з’єднання з сервером IPA. (Інформацію щодо серверів IPA можна " +"знайти на сайті freeipa.org.) Цей інструмент надання доступу потребує " +"включення комп’ютера до домену IPA. Налаштування майже повністю " +"автоматизовано, дані для нього отримуються безпосередньо з сервера." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" +"Інструментом надання даних IPA використовуються ті самі параметри, що " +"використовуються надавачем даних профілів <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> та надавачем " +"даних для розпізнавання <citerefentry> <refentrytitle>sssd-krb5</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> з певними винятками, " +"описаними нижче." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." +msgstr "" +"Потреби у встановленні або використанні цих параметрів виникнути не повинно. " +"Інструментом надання даних IPA також можна скористатися для перевірки прав " +"доступу та зміни паролів. Для керування доступом використовуються правила " +"HBAC (host-based access control або керування доступом на основі даних щодо " +"вузлів). Докладнішу інформацію щодо HBAC можна отримати на сайті freeipa." +"org. У налаштуванні керування доступом на боці клієнта немає потреби." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" +"Інструмент надання даних IPA використовуватиме відповідач PAC, якщо квитки " +"Kerberos користувачів з довірених областей містять PAC. Для полегшення " +"налаштовування відповідач PAC запускається автоматично, якщо налаштовано " +"інструмент надання даних ідентифікаторів IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:78 +msgid "ipa_domain (string)" +msgstr "ipa_domain (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:81 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" +"Визначає назву домену IPA. Є необов’язковим. Якщо не вказано, буде " +"використано назву домену з налаштувань." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:89 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "ipa_server, ipa_backup_server (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:92 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" +"Впорядкований за пріоритетом список IP-адрес або назв вузлів, відокремлених " +"комами, серверів IPA, з якими має встановити з’єднання SSSD. Докладніші " +"відомості щодо резервних серверів викладено у розділі «РЕЗЕРВ». Цей список є " +"необов’язковим, якщо увімкнено автоматичне виявлення служб. Докладніші " +"відомості щодо автоматичного виявлення служб наведено у розділі «ПОШУК " +"СЛУЖБ»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:105 +msgid "ipa_hostname (string)" +msgstr "ipa_hostname (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:108 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host." +msgstr "" +"Необов’язковий. Може бути встановлено на комп’ютерах, де hostname(5) не " +"відповідає повній назві, що використовується доменом IPA для розпізнавання " +"цього вузла." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:116 sssd-ad.5.xml:780 +msgid "dyndns_update (boolean)" +msgstr "dyndns_update (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:119 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA v2 with the IP address of this client. The update is " +"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " +"for the updates, if it is not otherwise specified by using the " +"<quote>dyndns_iface</quote> option." +msgstr "" +"Необов’язковий. За допомогою цього параметра можна наказати SSSD автоматично " +"оновити на сервері DNS, вбудованому до FreeIPA v2, IP-адресу клієнта. Захист " +"оновлення буде забезпечено за допомогою GSS-TSIG. Для оновлення буде " +"використано IP-адресу з’єднання LDAP IPA, якщо не вказано іншу адресу за " +"допомогою параметра «dyndns_iface»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:128 sssd-ad.5.xml:794 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" +"ЗАУВАЖЕННЯ: на застарілих системах (зокрема RHEL 5) для надійної роботи у " +"цьому режимі типову область дії Kerberos має бути належним чином визначено " +"у /etc/krb5.conf" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:133 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" +"ЗАУВАЖЕННЯ: хоча можна використовувати і попередню назву параметра, " +"<emphasis>ipa_dyndns_update</emphasis>, користувачам слід переходити на нову " +"назву, <emphasis>dyndns_update</emphasis>, у файлі налаштувань." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:145 sssd-ad.5.xml:805 +msgid "dyndns_ttl (integer)" +msgstr "dyndns_ttl (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:148 sssd-ad.5.xml:808 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" +"TTL, до якого буде застосовано клієнтський запис DNS під час його оновлення. " +"Якщо dyndns_update має значення false, цей параметр буде проігноровано. " +"Перевизначає TTL на боці сервера, якщо встановлено адміністратором." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:153 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" +"ЗАУВАЖЕННЯ: хоча можна використовувати і попередню назву параметра, " +"<emphasis>ipa_dyndns_ttl</emphasis>, користувачам слід переходити на нову " +"назву, <emphasis>dyndns_ttl</emphasis>, у файлі налаштувань." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Default: 1200 (seconds)" +msgstr "Типове значення: 1200 (секунд)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:165 sssd-ad.5.xml:819 +msgid "dyndns_iface (string)" +msgstr "dyndns_iface (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 sssd-ad.5.xml:822 +#, fuzzy +#| msgid "" +#| "Optional. Applicable only when dyndns_update is true. Choose the " +#| "interface whose IP address should be used for dynamic DNS updates." +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" +"Необов’язковий. Застосовний лише тоді, коли dyndns_update має значення true. " +"Визначити інтерфейс, чию адресу IP має бути використано для динамічних " +"оновлень DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:175 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" +"ЗАУВАЖЕННЯ: хоча можна використовувати і попередню назву параметра, " +"<emphasis>ipa_dyndns_iface</emphasis>, користувачам слід переходити на нову " +"назву, <emphasis>dyndns_iface</emphasis>, у файлі налаштувань." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 +#, fuzzy +#| msgid "Default: Use the IP address of the IPA LDAP connection" +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "Типове значення: використовувати IP-адресу з’єднання LDAP IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:185 sssd-ad.5.xml:833 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:191 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "ipa_enable_dns_sites (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160 +msgid "Enables DNS sites - location based service discovery." +msgstr "Вмикає сайти DNS — визначення служб на основі адрес." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example.com" +"\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" +"Якщо вказано значення true і увімкнено визначення служб (див. розділ щодо " +"пошуку служб у нижній частині сторінки підручника (man)), SSSD спочатку " +"спробує визначення на основі адрес за допомогою запиту, що містить " +"\"_location.hostname.example.com\", а потім повертається до традиційного " +"визначення SRV. Якщо визначення на основі адреси буде успішним, сервери IPA, " +"виявлені на основі визначення за адресою, вважатимуться основним серверами, " +"а сервери IPA, виявлені за допомогою традиційного визначення SRV, " +"вважатимуться резервними серверами." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:217 sssd-ad.5.xml:839 +msgid "dyndns_refresh_interval (integer)" +msgstr "dyndns_refresh_interval (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:220 sssd-ad.5.xml:842 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" +"Визначає, наскільки часто серверний модуль має виконувати періодичні " +"оновлення DNS на додачу до автоматичного оновлення, яке виконується під час " +"кожного встановлення з’єднання серверного модуля з мережею. Цей параметр не " +"є обов’язкоми, його застосовують, лише якщо dyndns_update має значення true." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:233 sssd-ad.5.xml:855 +msgid "dyndns_update_ptr (bool)" +msgstr "dyndns_update_ptr (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:236 sssd-ad.5.xml:858 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" +"Визначає, чи слід явним чином оновлювати запис PTR під час оновлення записів " +"DNS клієнта. Застосовується, лише якщо значенням dyndns_update буде true." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" +"Значенням цього параметра у більшості розгорнутих систем IPA має бути False, " +"оскільки сервер IPA створює записи PTR автоматично після зміни у записах " +"переспрямовування." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:247 +msgid "Default: False (disabled)" +msgstr "Типове значення: False (вимкнено)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:253 sssd-ad.5.xml:869 +msgid "dyndns_force_tcp (bool)" +msgstr "dyndns_force_tcp (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:256 sssd-ad.5.xml:872 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" +"Визначає, чи слід у програмі nsupdate типово використовувати TCP для обміну " +"даними з сервером DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:876 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "Типове значення: False (надати змогу nsupdate вибирати протокол)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 sssd-ad.5.xml:882 +#, fuzzy +#| msgid "dyndns_iface (string)" +msgid "dyndns_server (string)" +msgstr "dyndns_iface (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 sssd-ad.5.xml:885 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 sssd-ad.5.xml:890 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:895 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 sssd-ad.5.xml:900 +#, fuzzy +#| msgid "Default: False (let nsupdate choose the protocol)" +msgid "Default: None (let nsupdate choose the server)" +msgstr "Типове значення: False (надати змогу nsupdate вибирати протокол)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:290 +msgid "ipa_hbac_search_base (string)" +msgstr "ipa_hbac_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:293 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" +"Необов’язковий. Використати вказаний рядок як основу пошуку пов’язаних з " +"HBAC об’єктів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:297 +msgid "Default: Use base DN" +msgstr "Типове значення: використання базової назви домену" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_host_search_base (string)" +msgstr "ipa_host_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" +"Необов’язковий. Використати вказаний рядок як основу пошуку об’єктів вузлів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 sssd-ipa.5.xml:329 sssd-ipa.5.xml:348 sssd-ipa.5.xml:367 +#: sssd-ipa.5.xml:386 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" +"Ознайомтеся з розділом щодо «ldap_search_base», щоб дізнатися більше про " +"налаштування декількох основ пошуку." + +#. type: Content of: <listitem><para> +#: sssd-ipa.5.xml:315 sssd-ipa.5.xml:334 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "Типове значення: значення <emphasis>ldap_search_base</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:322 +msgid "ipa_selinux_search_base (string)" +msgstr "ipa_selinux_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:325 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" +"Необов’язковий. Використати вказаний рядок як основу пошуку карт " +"користувачів SELinux." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:341 +msgid "ipa_subdomains_search_base (string)" +msgstr "ipa_subdomains_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:344 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" +"Необов’язковий. Використати вказаний рядок як основу пошуку надійних доменів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:353 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "Типове значення: значення <emphasis>cn=trusts,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:360 +msgid "ipa_master_domain_search_base (string)" +msgstr "ipa_master_domain_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:363 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" +"Необов’язковий. Використати вказаний рядок як основу пошуку основного " +"об’єкта домену." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:372 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "" +"Типове значення: значення виразу <emphasis>cn=ad,cn=etc,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:379 +msgid "ipa_views_search_base (string)" +msgstr "ipa_views_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:382 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" +"Необов’язковий. Використати вказаний рядок як основу пошуку контейнерів " +"перегляду." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:391 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" +"Типове значення: значення <emphasis>cn=views,cn=accounts,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:398 sssd-krb5.5.xml:254 +msgid "krb5_validate (boolean)" +msgstr "krb5_validate (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:401 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed." +msgstr "" +"Перевірити за допомогою krb5_keytab, чи не було підмінено отриманий TGT." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:408 sssd-ad.5.xml:921 +msgid "" +"Note that this default differs from the traditional Kerberos provider back " +"end." +msgstr "" +"Зауважте, що це типове значення не збігається з типовим значенням засобу " +"модуля Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" +"Назва області дії Kerberos. Є необов’язковою, типовим значенням є значення " +"«ipa_domain»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" +"Назва області дії Kerberos має особливе значення у IPA: цю назву буде " +"перетворено у основний DN для виконання дій LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:433 +msgid "" +"Specifies if the host and user principal should be canonicalized when " +"connecting to IPA LDAP and also for AS requests. This feature is available " +"with MIT Kerberos >= 1.7" +msgstr "" +"Визначає, чи слід перетворювати реєстраційний запис вузла і користувача у " +"канонічну форм під час встановлення з’єднання з LDAP IPA, а також для " +"запитів AS. Цю можливість передбачено з версії MIT Kerberos >= 1.7" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 sssd-krb5.5.xml:416 +msgid "krb5_use_fast (string)" +msgstr "krb5_use_fast (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 sssd-krb5.5.xml:419 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" +"Вмикає безпечне тунелювання для гнучкого розпізнавання (flexible " +"authentication secure tunneling або FAST) для попереднього розпізнавання у " +"Kerberos. Передбачено такі варіанти:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:454 +msgid "<emphasis>never</emphasis> use FAST." +msgstr "<emphasis>never</emphasis> — (ніколи) не використовувати FAST." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:457 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it. This is equivalent to not setting " +"this option at all." +msgstr "" +"<emphasis>try</emphasis> — (спробувати) використати FAST. Якщо на сервері не " +"передбачено підтримки FAST, продовжити спробу розпізнавання без FAST. Це " +"еквівалентно невстановленню значення цього параметра взагалі." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:463 sssd-krb5.5.xml:433 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" +"<emphasis>demand</emphasis> — використовувати FAST. Якщо на сервері не " +"передбачено підтримки FAST, спроба розпізнавання зазнає невдачі." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:468 +msgid "Default: try" +msgstr "Типове значення: try" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 sssd-krb5.5.xml:444 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" +"Зауваження: у SSSD передбачено підтримку FAST лише у разі використання MIT " +"Kerberos версії 1.8 або новішої. Якщо SSSD буде використано зі старішою " +"версією MIT Kerberos і цим параметром, буде повідомлено про помилку у " +"налаштуваннях." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:480 sssd-ad.5.xml:928 +msgid "krb5_confd_path (string)" +msgstr "krb5_confd_path (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 sssd-ad.5.xml:931 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" +"Абсолютний шлях до каталогу, у якому SSSD має зберігати фрагменти " +"налаштувань Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:487 sssd-ad.5.xml:935 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" +"Щоб вимкнути створення фрагментів налаштувань, встановіть для параметра " +"значення «none»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 sssd-ad.5.xml:939 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" +"Типове значення: не встановлено (підкаталог krb5.include.d каталогу pubconf " +"SSSD)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:498 +msgid "ipa_hbac_refresh (integer)" +msgstr "ipa_hbac_refresh (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:501 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" +"Проміжок часу між послідовними пошуками правил HBAC щодо сервера IPA. Зміна " +"може зменшити час затримки та навантаження на сервер IPA, якщо протягом " +"короткого періоду часу надходить багато запитів щодо керування доступом." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355 +msgid "Default: 5 (seconds)" +msgstr "Типове значення: 5 (секунд)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:514 +msgid "ipa_hbac_selinux (integer)" +msgstr "ipa_hbac_selinux (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:517 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" +"Проміжок часу між послідовними пошуками у картах SELinux щодо сервера IPA. " +"Зміна може зменшити час затримки та навантаження на сервер IPA, якщо " +"протягом короткого періоду часу надходить багато запитів щодо входу " +"користувача до системи." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:530 +msgid "ipa_server_mode (boolean)" +msgstr "ipa_server_mode (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:533 +msgid "This option should only be set by the IPA installer." +msgstr "Цей параметр має встановлюватися лише засобом встановлення IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:537 +msgid "" +"The option denotes that the SSSD is running on IPA server and should perform " +"lookups of users and groups from trusted domains differently." +msgstr "" +"За допомогою цього параметра можна визначити, чи працює SSSD на сервері IPA " +"і має виконувати пошуки користувачів і груп з довірених доменів окремо." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:548 +msgid "ipa_automount_location (string)" +msgstr "ipa_automount_location (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:551 +msgid "The automounter location this IPA client will be using" +msgstr "" +"Адреса автоматичного монтування, яку буде використовувати цей клієнт IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:554 +msgid "Default: The location named \"default\"" +msgstr "Типове значення: адреса з назвою \"default\"" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:562 +msgid "VIEWS AND OVERRIDES" +msgstr "ПЕРЕГЛЯДИ і ПЕРЕВИЗНАЧЕННЯ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:571 +msgid "ipa_view_class (string)" +msgstr "ipa_view_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 +msgid "Objectclass of the view container." +msgstr "Клас об’єктів для контейнерів перегляду." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:577 +msgid "Default: nsContainer" +msgstr "Типове значення: nsContainer" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:583 +msgid "ipa_view_name (string)" +msgstr "ipa_view_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:586 +msgid "Name of the attribute holding the name of the view." +msgstr "Назва атрибута, у якому зберігається назва перегляду." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:596 +msgid "ipa_overide_object_class (string)" +msgstr "ipa_overide_object_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:599 +msgid "Objectclass of the override objects." +msgstr "Клас об’єктів для об’єктів перевизначення" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:602 +msgid "Default: ipaOverrideAnchor" +msgstr "Типове значення: ipaOverrideAnchor" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:608 +msgid "ipa_anchor_uuid (string)" +msgstr "ipa_anchor_uuid (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:611 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" +"Назва атрибута, у якому зберігається посилання на початковий об’єкт на " +"віддаленому домені." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:615 +msgid "Default: ipaAnchorUUID" +msgstr "Типове значення: ipaAnchorUUID" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:621 +msgid "ipa_user_override_object_class (string)" +msgstr "ipa_user_override_object_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:624 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" +"Назва класу об’єктів для перевизначень користувачів. Використовується для " +"визначення того, чи знайдений об’єкт перевизначення пов’язано з користувачем " +"або групою." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "User overrides can contain attributes given by" +msgstr "Перевизначення користувачів можуть містити атрибути, задані" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:632 +msgid "ldap_user_name" +msgstr "ldap_user_name" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:635 +msgid "ldap_user_uid_number" +msgstr "ldap_user_uid_number" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:638 +msgid "ldap_user_gid_number" +msgstr "ldap_user_gid_number" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:641 +msgid "ldap_user_gecos" +msgstr "ldap_user_gecos" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "ldap_user_home_directory" +msgstr "ldap_user_home_directory" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:647 +msgid "ldap_user_shell" +msgstr "ldap_user_shell" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:650 +msgid "ldap_user_ssh_public_key" +msgstr "ldap_user_ssh_public_key" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:655 +msgid "Default: ipaUserOverride" +msgstr "Типове значення: ipaUserOverride" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:661 +msgid "ipa_group_override_object_class (string)" +msgstr "ipa_group_override_object_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:664 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" +"Назва класу об’єктів для перевизначень груп. Використовується для визначення " +"того, чи знайдений об’єкт перевизначення пов’язано з користувачем або групою." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:669 +msgid "Group overrides can contain attributes given by" +msgstr "Перевизначення груп можуть містити атрибути, задані" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:672 +msgid "ldap_group_name" +msgstr "ldap_group_name" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:675 +msgid "ldap_group_gid_number" +msgstr "ldap_group_gid_number" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:680 +msgid "Default: ipaGroupOverride" +msgstr "Типове значення: ipaGroupOverride" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:564 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"SSSD може обробляти перегляди та перевизначення, які пропонуються FreeIPA " +"4.1 та новішими версіями. Оскільки усі шляхи і класи об’єктів зафіксовано на " +"боці сервера, в основному, немає потреби у додатковому налаштовуванні. Для " +"повноти, усі відповідні параметри наведено у списку разом з їхніми типовими " +"значеннями. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:690 +msgid "SUBDOMAINS PROVIDER" +msgstr "СЛУЖБА ПІДДОМЕНІВ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:692 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" +"Поведінка інструмента надання даних піддоменів IPA залежить від того, у який " +"спосіб його налаштовано: явний чи неявний." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:696 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" +"Якщо у розділі домену sssd.conf буде знайдено запис параметра " +"«subdomains_provider = ipa», інструмент надання даних піддоменів IPA " +"налаштовано явно, отже всі запити піддоменів надсилатимуться серверу IPA, " +"якщо це потрібно." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:702 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" +"Якщо у розділі домену sssdconf не встановлено параметр " +"«subdomains_provider», але встановлено параметр «id_provider = ipa», " +"інструмент надання даних піддоменів IPA налаштовано неявним чином. У цьому " +"випадку спроба запиту щодо піддомену зазнає невдачі і вказуватиме на те, що " +"на сервері не передбачено піддоменів, тобто його не налаштовано на довіру, " +"отже інструмент надання даних піддоменів IPA вимкнено. Щойно мине година або " +"відкриється доступ до інструмента надання даних IPA, інструмент надання " +"даних піддоменів буде знову увімкнено." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:719 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" +"У наведеному нижче прикладі припускаємо, що SSSD налаштовано належним чином, " +"а example.com є одним з доменів у розділі <replaceable>[sssd]</replaceable>. " +"У прикладі продемонстровано лише параметри доступу, специфічні для засобу " +"ipa." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:726 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "sssd-ad" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "Модуль надання даних Active Directory SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"На цій сторінці довідника описано налаштування засобу керування доступом AD " +"для <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>. Щоб дізнатися більше про синтаксис налаштування, " +"зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available." +msgstr "" +"Засіб надання даних AD — це модуль, що використовується для встановлення " +"з’єднання з сервером Active Directory. Цей засіб потребує долучення " +"комп’ютера до домену AD та доступності таблиці ключів." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:41 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" +"У засобі надання даних AD передбачено підтримку встановлення з’єднання з " +"Active Directory 2008 R2 або пізнішою версією. Робота з попередніми версіями " +"можлива, але не підтримується." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:45 +#, fuzzy +#| msgid "" +#| "The AD provider is able to provide identity information and " +#| "authentication for entities from trusted domains as well. Currently only " +#| "trusted domains in the same forest are recognized." +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" +"Модуль надання даних AD може надавати дані щодо ідентифікації та " +"розпізнавання і для записів з надійних доменів. У поточній версії " +"розпізнаються лише надійні домени з одного лісу." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:51 +msgid "" +"The AD provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" +"Інструментом надання даних AD використовуються ті самі параметри, що " +"використовуються надавачем даних профілів <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> та надавачем " +"даних для розпізнавання <citerefentry> <refentrytitle>sssd-krb5</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> з певними винятками, " +"описаними нижче." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:63 +#, fuzzy +#| msgid "" +#| "However, it is neither necessary nor recommended to set these options. " +#| "The AD provider can also be used as an access, chpass and sudo provider. " +#| "No configuration of the access provider is required on the client side." +msgid "" +"However, it is neither necessary nor recommended to set these options. The " +"AD provider can also be used as an access, chpass, sudo and autofs provider. " +"No configuration of the access provider is required on the client side." +msgstr "" +"Потреби у встановленні або використанні цих параметрів виникнути не повинно. " +"Інструментом надання даних AD також можна скористатися для перевірки прав " +"доступу, зміни паролів та доступу до sudo. У налаштовуванні керування " +"доступом на боці клієнта немає потреби." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:75 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" +"ldap_id_mapping = False\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " +"and groups using POSIX attributes from trusted domains, the AD administrator " +"must make sure that the POSIX attributes are replicated to the Global " +"Catalog." +msgstr "" +"Типово, модуль надання даних AD виконуватиме прив’язку до значень UID та GID " +"з параметра objectSID у Active Directory. Докладніший опис наведено у " +"розділі «ВСТАНОВЛЕННЯ ВІДПОВІДНОСТІ ІДЕНТИФІКАТОРІВ». Якщо вам потрібно " +"вимкнути встановлення відповідності ідентифікаторів і покладатися на " +"атрибути POSIX, визначені у Active Directory, вам слід встановити " +"<placeholder type=\"programlisting\" id=\"0\"/> Щоб отримати дані щодо " +"користувачів і груп за допомогою атрибутів POSIX з надійних доменів, " +"адміністратор AD має переконатися, що атрибути POSIX відтворюються у " +"загальному каталозі (Global Catalog)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:82 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" +"Дані щодо користувачів, груп та інших записів, які обслуговуються SSSD, у " +"модулі надання даних AD завжди обробляються із врахуванням регістру символів " +"для забезпечення сумісності з реалізацією Active Directory у LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:97 +msgid "ad_domain (string)" +msgstr "ad_domain (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:100 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" +"Визначає назву домену Active Directory. Є необов’язковим. Якщо не вказано, " +"буде використано назву домену з налаштувань." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:105 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" +"Для забезпечення належної роботи цей параметр слід вказати у форматі запису " +"малими літерами повної версії назви домену Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:110 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" +"Скорочена назва домену (також відома як назва NetBIOS або проста назва) " +"автоматично визначається засобами SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:117 +msgid "ad_server, ad_backup_server (string)" +msgstr "ad_server, ad_backup_server (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:120 +#, fuzzy +#| msgid "" +#| "The comma-separated list of hostnames of the AD servers to which SSSD " +#| "should connect in order of preference. For more information on failover " +#| "and server redundancy, see the <quote>FAILOVER</quote> section. This is " +#| "optional if autodiscovery is enabled. For more information on service " +#| "discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" +"Впорядкований за пріоритетом список назв вузлів, відокремлених комами, " +"серверів AD, з якими має встановити з’єднання SSSD. Докладніші відомості " +"щодо резервних серверів викладено у розділі «РЕЗЕРВ». Цей список є " +"необов’язковим, якщо увімкнено автоматичне виявлення служб. Докладніші " +"відомості щодо автоматичного виявлення служб наведено у розділі «ПОШУК " +"СЛУЖБ»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:127 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:132 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:140 +msgid "ad_hostname (string)" +msgstr "ad_hostname (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:143 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the Active Directory domain to identify this " +"host." +msgstr "" +"Необов’язковий. Може бути встановлено на комп’ютерах, де hostname(5) не " +"відповідає повній назві, що використовується доменом Active Directory для " +"розпізнавання цього вузла." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:149 +msgid "" +"This field is used to determine the host principal in use in the keytab. It " +"must match the hostname for which the keytab was issued." +msgstr "" +"Це поле використовується для визначення основної назви вузла, яка " +"використовуватиметься у таблиці ключів. Ця назва має відповідати назві " +"вузла, для якого випущено таблицю ключів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:157 +msgid "ad_enable_dns_sites (boolean)" +msgstr "ad_enable_dns_sites (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:164 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" +"Якщо вказано значення true і увімкнено визначення служб (див. розділ щодо " +"пошуку служб у нижній частині сторінки підручника (man)), SSSD спочатку " +"спробує визначити сервер Active Directory для встановлення з’єднання на " +"основі використання визначення сайтів Active Directory і повертається до " +"визначення за записами SRV DNS, якщо сайт AD не буде знайдено. Налаштування " +"SRV DNS, зокрема домен пошуку, використовуються також під час визначення " +"сайтів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:180 +msgid "ad_access_filter (string)" +msgstr "ad_access_filter (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" +"Цей параметр визначає фільтр керування доступом LDAP, якому має відповідати " +"запис користувача для того, щоб йому було надано доступ. Будь ласка, " +"зауважте, що слід явним чином встановити для параметра «access_provider» " +"значення «ad», щоб цей параметр почав діяти." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:191 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" +"У параметрі також передбачено підтримку визначення різних фільтрів для " +"окремих доменів або дерев. Цей розширений фільтр повинен мати такий формат: " +"«КЛЮЧОВЕ СЛОВО:НАЗВА:ФІЛЬТР». Набір підтримуваних ключових слів: «DOM», " +"«FOREST» або ключове слово слід пропустити." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:199 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" +"Якщо вказано ключове слово «DOM» або ключового слова не вказано, «НАЗВА» " +"визначає домен або піддомен, до якого застосовується фільтрування. Якщо " +"ключовим словом є «FOREST», фільтр застосовується до усіх доменів з лісу, " +"вказаного значенням «НАЗВА»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:207 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" +"Декілька фільтрів можна відокремити символом «?», подібно до способу " +"визначення фільтрів у базах для пошуку." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:212 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" +"Завжди використовується відповідник з найвищим рівнем відповідності. " +"Наприклад, якщо визначено фільтрування для домену, учасником якого є " +"користувач, і загальне фільтрування, буде використано фільтрування для " +"окремого домену. Якщо буде виявлено декілька відповідників з однаковою " +"специфікацією, використовуватиметься лише перший з них." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:223 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" +"# застосувати фільтрування лише для домену з назвою dom1:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# застосувати фільтрування лише для домену з назвою dom2:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# застосувати фільтрування лише для лісу з назвою EXAMPLE.COM:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:233 sssd-ad.5.xml:247 +msgid "Default: Not set" +msgstr "Типове значення: не встановлено" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:239 +msgid "ad_site (string)" +msgstr "ad_site (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" +"Визначає сайт AD, з яким має встановлювати з’єднання клієнт. Якщо не буде " +"вказано, виконуватиметься спроба автоматичного визначення сайта AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:253 +msgid "ad_enable_gc (boolean)" +msgstr "ad_enable_gc (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:256 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" +"Типово, SSSD для отримання даних користувачів з надійних (довірених) доменів " +"спочатку встановлює з’єднання із загальним каталогом (Global Catalog). Якщо " +"ж отримати дані не вдасться, система використовує порт LDAP для отримання " +"даних щодо участі у групах. Вимикання цього параметра призведе до того, що " +"SSSD встановлюватиме зв’язок лише з портом LDAP поточного сервера AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:264 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" +"Будь ласка, зауважте, що вимикання підтримки загального каталогу (Global " +"Catalog) не призведе до вимикання спроб отримати дані користувачів з " +"надійних (довірених) доменів. Просто SSSD намагатиметься отримати ці ж дані " +"за допомогою порту LDAP надійних доменів. Втім, загальним каталогом (Global " +"Catalog) доведеться скористатися для визначення зв’язків даних щодо участі у " +"групах для різних доменів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:278 +msgid "ad_gpo_access_control (string)" +msgstr "ad_gpo_access_control (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:281 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" +"Цей параметр визначає режим роботи для функціональних можливостей керування " +"доступом на основі GPO: працюватиме система у вимкненому режимі, режимі " +"примушення чи дозвільному режимі. Будь ласка, зауважте, що для того, щоб цей " +"параметр запрацював, слід явним чином встановити для параметра " +"«access_provider» значення «ad»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to a particular host." +msgstr "" +"Функціональні можливості з керування доступом на основі GPO використовують " +"параметри правил GPO для визначення того, може чи не може той чи інший " +"користувач увійти до системи певного вузла мережі." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:296 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing." +msgstr "" +"ЗАУВАЖЕННЯ: якщо встановлено режим роботи «примусовий» (enforcing), можлива " +"ситуація, коли користувачі, які раніше мали доступ до входу, позбудуться " +"такого доступу (через використання параметрів правил GPO). З метою полегшити " +"перехід на нову систему для адміністраторів передбачено дозвільний режим " +"доступу (permissive), за якого правила керування доступом не " +"встановлюватимуться у примусовому порядку. Програма лише перевірятиме " +"відповідність цим правилам і виводитиме до системного журналу повідомлення, " +"якщо доступ було надано усупереч цим правилам. Вивчення журналу надасть " +"змогу адміністраторам внести відповідні зміни до встановлення примусового " +"режиму (enforcing)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:309 +msgid "There are three supported values for this option:" +msgstr "У цього параметра є три підтримуваних значення:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:313 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" +"disabled: правила керування доступом, засновані на GPO, не обробляються і не " +"використовуються примусово." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:319 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" +"enforcing: правила керування доступом, засновані на GPO, обробляються і " +"використовуються примусово." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:325 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" +"permissive: виконати перевірку відповідності правилам керування доступом на " +"основі GPO, але не наполягати на їхньому виконанні. Якщо правила не " +"виконуються, вивести до системного журналу повідомлення про те, що " +"користувачеві було б заборонено доступ, якби використовувався режим " +"enforcing." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "Default: permissive" +msgstr "Типове значення: permissive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:339 +msgid "Default: enforcing" +msgstr "Типове значення: enforcing" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:345 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "ad_gpo_cache_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:348 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" +"Проміжок часу між послідовними пошуками файлів правил GPO щодо сервера AD. " +"Зміна може зменшити час затримки та навантаження на сервер AD, якщо протягом " +"короткого періоду часу надходить багато запитів щодо керування доступом." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:361 +msgid "ad_gpo_map_interactive (string)" +msgstr "ad_gpo_map_interactive (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:364 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings." +msgstr "" +"Список назв служб PAM, відокремлених комами, для яких керування доступом на " +"основі GPO виконуватиметься на основі параметрів правил " +"InteractiveLogonRight і DenyInteractiveLogonRight." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:370 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" +"Зауваження: у редакторі керування правилами для груп це значення має назву " +"«Дозволити локальний вхід» («Allow log on locally») та «Заборонити локальний " +"вхід» («Deny log on locally»)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:384 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Можна додати іншу назву служби PAM до типового набору за допомогою " +"конструкції «+назва_служби» або явним чином вилучити назву служби PAM з " +"типового набору за допомогою конструкції «-назва_служби». Наприклад, щоб " +"замінити типову назву служби PAM для цього входу (наприклад, «login») з " +"нетиповою назвою служби pam (наприклад, «my_pam_service»), вам слід " +"скористатися такими налаштуваннями: <placeholder type=\"programlisting\" id=" +"\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:388 sssd-ad.5.xml:479 sssd-ad.5.xml:525 sssd-ad.5.xml:570 +#: sssd-ad.5.xml:636 +msgid "Default: the default set of PAM service names includes:" +msgstr "" +"Типове значення: типовий набір назв служб PAM складається з таких значень:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:392 +msgid "login" +msgstr "login" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:397 +msgid "su" +msgstr "su" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:402 +msgid "su-l" +msgstr "su-l" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:407 +msgid "gdm-fingerprint" +msgstr "gdm-fingerprint" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:412 +msgid "gdm-password" +msgstr "gdm-password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:417 +msgid "gdm-smartcard" +msgstr "gdm-smartcard" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:422 +msgid "kdm" +msgstr "kdm" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:427 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:432 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:437 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:442 +#, fuzzy +#| msgid "kdm" +msgid "xdm" +msgstr "kdm" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:451 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "ad_gpo_map_remote_interactive (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings." +msgstr "" +"Список назв служб PAM, відокремлених комами, для яких керування доступом на " +"основі GPO засновано на параметрах захисту RemoteInteractiveLogonRight і " +"DenyRemoteInteractiveLogonRight." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:460 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" +"Зауваження: у редакторі керування правилами щодо груп це значення " +"називається «Дозволити вхід за допомогою служб віддаленої стільниці» («Allow " +"log on through Remote Desktop Services») та «Заборонити вхід за допомогою " +"служб віддаленої стільниці» («Deny log on through Remote Desktop Services»)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:475 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:466 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Можна додати іншу назву служби PAM до типового набору за допомогою " +"конструкції «+назва_служби» або явним чином вилучити назву служби PAM з " +"типового набору за допомогою конструкції «-назва_служби». Наприклад, щоб " +"замінити типову назву служби PAM для цього входу (наприклад, «sshd») з " +"нетиповою назвою служби pam (наприклад, «my_pam_service»), вам слід " +"скористатися такими налаштуваннями: <placeholder type=\"programlisting\" id=" +"\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:483 +msgid "sshd" +msgstr "sshd" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:488 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:497 +msgid "ad_gpo_map_network (string)" +msgstr "ad_gpo_map_network (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:500 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings." +msgstr "" +"Список назв служб PAM, відокремлених комами, для яких керування доступом на " +"основі GPO засновано на параметрах захисту NetworkLogonRight і " +"DenyNetworkLogonRight." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:506 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" +"Зауваження: у редакторі керування правилами щодо груп це значення " +"називається «Відкрити доступ до цього комп’ютера із мережі» («Access this " +"computer from the network») і «Заборонити доступ до цього комп’ютера із " +"мережі» (Deny access to this computer from the network»)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:521 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:512 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Можна додати іншу назву служби PAM до типового набору за допомогою " +"конструкції «+назва_служби» або явним чином вилучити назву служби PAM з " +"типового набору за допомогою конструкції «-назва_служби». Наприклад, щоб " +"замінити типову назву служби PAM для цього входу (наприклад, «ftp») з " +"нетиповою назвою служби pam (наприклад, «my_pam_service»), вам слід " +"скористатися такими налаштуваннями: <placeholder type=\"programlisting\" id=" +"\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:529 +msgid "ftp" +msgstr "ftp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:534 +msgid "samba" +msgstr "samba" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:543 +msgid "ad_gpo_map_batch (string)" +msgstr "ad_gpo_map_batch (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:546 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings." +msgstr "" +"Список назв служб PAM, відокремлених комами, для яких керування доступом на " +"основі GPO засновано на параметрах захисту BatchLogonRight і " +"DenyBatchLogonRight." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:552 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" +"Зауваження: у редакторі керування правилами щодо груп це значення " +"називається «Дозволити вхід як пакетне завдання» («Allow log on as a batch " +"job») і «Заборонити вхід як пакетне завдання» («Deny log on as a batch job»)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:566 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:557 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Можна додати іншу назву служби PAM до типового набору за допомогою " +"конструкції «+назва_служби» або явним чином вилучити назву служби PAM з " +"типового набору за допомогою конструкції «-назва_служби». Наприклад, щоб " +"замінити типову назву служби PAM для цього входу (наприклад, «crond») з " +"нетиповою назвою служби pam (наприклад, «my_pam_service»), вам слід " +"скористатися такими налаштуваннями: <placeholder type=\"programlisting\" id=" +"\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:574 +msgid "crond" +msgstr "crond" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:583 +msgid "ad_gpo_map_service (string)" +msgstr "ad_gpo_map_service (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:586 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings." +msgstr "" +"Список назв служб PAM, відокремлених комами, для яких керування доступом на " +"основі GPO засновано на параметрах захисту ServiceLogonRight і " +"DenyServiceLogonRight." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" +"Зауваження: у редакторі керування правилами щодо груп це значення " +"називається «Дозволити вхід як службу» («Allow log on as a service») і " +"«Заборонити вхід як службу» («Deny log on as a service»)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:605 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" +"ad_gpo_map_service = +my_pam_service\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:597 sssd-ad.5.xml:667 +msgid "" +"It is possible to add a PAM service name to the default set by using <quote>" +"+service_name</quote>. Since the default set is empty, it is not possible " +"to remove a PAM service name from the default set. For example, in order to " +"add a custom pam service name (e.g. <quote>my_pam_service</quote>), you " +"would use the following configuration: <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" +"Можна додати іншу назву служби PAM до типового набору за допомогою " +"конструкції «+назва_служби». Оскільки типовий набір є порожнім, назви служби " +"з типового набору назв служб PAM вилучити неможливо. Наприклад, щоб додати " +"нетипову назву служби PAM (наприклад, «my_pam_service»), вам слід " +"скористатися такими налаштуваннями: <placeholder type=\"programlisting\" id=" +"\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:615 +msgid "ad_gpo_map_permit (string)" +msgstr "ad_gpo_map_permit (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:618 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" +"Список назв служб PAM, відокремлених комами, яким завжди надається доступ на " +"основі GPO, незалежно від будь-яких прав входу GPO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:632 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:623 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Можна додати іншу назву служби PAM до типового набору за допомогою " +"конструкції «+назва_служби» або явним чином вилучити назву служби PAM з " +"типового набору за допомогою конструкції «-назва_служби». Наприклад, щоб " +"замінити типову назву служби PAM для безумовного дозволеного доступу " +"(наприклад, «sudo») з нетиповою назвою служби pam (наприклад, " +"«my_pam_service»), вам слід скористатися такими налаштуваннями: <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:640 +msgid "sudo" +msgstr "sudo" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:645 +msgid "sudo-i" +msgstr "sudo-i" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:650 +msgid "systemd-user" +msgstr "systemd-user" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:659 +msgid "ad_gpo_map_deny (string)" +msgstr "ad_gpo_map_deny (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:662 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" +"Список назв служб PAM, відокремлених комами, яким завжди заборонено доступ " +"на основі GPO, незалежно від будь-яких прав входу GPO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:675 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" +"ad_gpo_map_deny = +my_pam_service\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:685 +msgid "ad_gpo_default_right (string)" +msgstr "ad_gpo_default_right (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:688 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" +"За допомогою цього параметра визначається спосіб керування доступом для назв " +"служб PAM, які не вказано явним чином у одному з параметрів ad_gpo_map_*. " +"Цей параметр може бути встановлено у два різних способи. По-перше, цей " +"параметр можна встановити так, що використовуватиметься типовий вхід. " +"Наприклад, якщо для цього параметра встановлено значення «interactive», " +"непов’язані назви служб PAM оброблятимуться на основі параметрів правил " +"InteractiveLogonRight і DenyInteractiveLogonRight. Крім того, для цього " +"параметра можна встановити таке значення, щоб система завжди дозволяла або " +"забороняла доступ для непов’язаних назв служб PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:701 +msgid "Supported values for this option include:" +msgstr "Передбачені значення для цього параметра:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:705 +msgid "interactive" +msgstr "interactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:710 +msgid "remote_interactive" +msgstr "remote_interactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:715 +msgid "network" +msgstr "network" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:720 +msgid "batch" +msgstr "batch" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:725 +msgid "service" +msgstr "service" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:730 +msgid "permit" +msgstr "permit" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:735 +msgid "deny" +msgstr "deny" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:741 +msgid "Default: deny" +msgstr "Типове значення: deny" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:747 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:750 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:756 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 30 days" +msgstr "Типове значення: 300" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:762 +#, fuzzy +#| msgid "pam_account_expired_message (string)" +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "pam_account_expired_message (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:765 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expect 2 integers seperated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the inital timeout in seconds before the task is run for the first " +"time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +#, fuzzy +#| msgid "Default: 86400 (24 hours)" +msgid "Default: 86400:750 (24h and 15m)" +msgstr "Типове значення: 86400 (24 години)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:783 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" +"Необов’язковий. За допомогою цього параметра можна наказати SSSD автоматично " +"оновити IP-адресу цього клієнта на сервері DNS Active Directory. Захист " +"оновлення буде забезпечено за допомогою GSS-TSIG. Як наслідок, " +"адміністраторові Active Directory достатньо буде дозволити оновлення безпеки " +"для зони DNS. Для оновлення буде використано IP-адресу з’єднання LDAP AD, " +"якщо цю адресу не було змінено за допомогою параметра «dyndns_iface»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:813 +msgid "Default: 3600 (seconds)" +msgstr "Типове значення: 3600 (секунд)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:829 +#, fuzzy +#| msgid "Default: Use the IP address of the AD LDAP connection" +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "Типове значення: використовувати IP-адресу з’єднання LDAP AD" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:863 sss_rpcidmapd.5.xml:76 +msgid "Default: True" +msgstr "Типове значення: True" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:909 sssd-krb5.5.xml:505 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "krb5_use_enterprise_principal (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:912 sssd-krb5.5.xml:508 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" +"Визначає, чи слід вважати реєстраційні дані користувача даними промислового " +"рівня. Див. розділ 5 RFC 6806, щоб дізнатися більше про промислові " +"реєстраційні дані." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:957 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" +"У наведеному нижче прикладі припускаємо, що SSSD налаштовано належним чином, " +"а example.com є одним з доменів у розділі <replaceable>[sssd]</replaceable>. " +"У прикладі продемонстровано лише параметри доступу, специфічні для засобу AD." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:964 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:984 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:980 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Інструмент керування доступом AD перевіряє, чи не завершено строк дії " +"облікового запису. Дає той самий результат, що і ось таке налаштовування " +"інструмента надання даних LDAP: <placeholder type=\"programlisting\" id=" +"\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:990 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" +"Втім, якщо явно не налаштовано засіб надання доступу «ad», типовим засобом " +"надання доступу буде «permit». Будь ласка, зауважте, що якщо вами " +"налаштовано засіб надання доступу, відмінний від «ad», вам доведеться " +"встановлювати усі параметри з’єднання (зокрема адреси LDAP та параметри " +"шифрування) вручну." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:998 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "sssd-sudo" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "Налаштовування sudo за допомогою модуля SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" +"На цій сторінці підручника описано способи налаштовування <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"на роботу у комплексі з <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> та способи кешування правил sudo у " +"SSSD." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "Налаштовування sudo на співпрацю з SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" +"Щоб увімкнути SSSD як джерело правил sudo, додайте <emphasis>sss</emphasis> " +"до запису <emphasis>sudoers</emphasis> у файлі <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" +"Наприклад, щоб налаштувати sudo на першочерговий пошук правил у стандартному " +"файлі <citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> (цей файл має містити правила, що стосуються " +"локальних користувачів), а потім у SSSD, у файлі nsswitch.conf слід вказати " +"такий рядок:" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "sudoers: files sss\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" +"Докладніші дані щодо налаштовування порядку пошуку у sudoers за допомогою " +"файла nsswitch.conf, а також дані щодо бази даних LDAP, у якій зберігаються " +"правила sudo каталогу, можна знайти на сторінці підручника <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" +"<emphasis>Зауваження</emphasis>: щоб у правилах sudo можна було " +"використовувати мережеві групи або групи вузлів IPA, вам слід належним чином " +"налаштувати <citerefentry> <refentrytitle>nisdomainname</refentrytitle> " +"<manvolnum>1</manvolnum> </citerefentry> на назву домену NIS (назва цього " +"домену збігається з назвою домену IPA, якщо використовуються групи вузлів " +"IPA)." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "Налаштовування SSSD на отримання правил sudo" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" +"На боці SSSD достатньо розширити список <emphasis>служб</emphasis> " +"дописуванням «sudo» до розділу [sssd] <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. Щоб " +"пришвидшити пошуку у LDAP, ви також можете налаштувати базу пошуку для " +"правил sudo за допомогою параметра <emphasis>ldap_sudo_search_base</" +"emphasis>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" +"У наведеному нижче прикладі показано, як налаштувати SSSD на отримання " +"правил sudo з сервера LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:112 +msgid "" +"When the SSSD is configured to use IPA as the ID provider, the sudo provider " +"is automatically enabled. The sudo search base is configured to use the " +"compat tree (ou=sudoers,$DC)." +msgstr "" +"Якщо SSSD налаштовано на використання надавача даних IPA для ідентифікатора, " +"автоматично вмикається модуль надавача даних sudo. Базу пошуку sudo " +"налаштовано на використання ієрархії даних compat (ou=sudoers,$DC)." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:119 +msgid "The SUDO rule caching mechanism" +msgstr "Механізм кешування правил SUDO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:121 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" +"Найбільшою складністю під час розробки підтримки sudo у SSSD було " +"забезпечення роботи sudo з SSSD так, щоб для користувача джерело даних " +"надавало дані у один спосіб та з тією самою швидкістю, що і sudo, надаючи " +"при цьому якомога свіжіший набір правил. Щоб виконати ці умови, SSSD " +"використовує оновлення трьох типів. Будемо називати ці тип повним " +"оновленням, інтелектуальним оновленням та оновленням правил." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:129 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" +"Використання типу <emphasis>інтелектуального оновлення</emphasis> полягає у " +"отриманні правил, які було додано або змінено з часу попереднього оновлення. " +"Основним призначенням оновлення такого типу є підтримання актуального стану " +"бази даних невеличкими порціями, які не спричиняють значного навантаження на " +"мережу." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:135 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" +"У разі використання <emphasis>повного оновлення</emphasis> всі правила sudo, " +"що зберігаються у кеші, буде вилучено і замінено на всі правила, які " +"зберігаються на сервері. Таким чином, кеш буде узгоджено шляхом вилучення " +"всіх правил, які було вилучено на сервері. Втім, повне оновлення може значно " +"навантажувати канал з’єднання, а отже його варто використовувати лише іноді. " +"Проміжок між сеансами повного оновлення має залежати від розміру і " +"стабільності правил sudo." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:143 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" +"У разі використання типу <emphasis>оновлення правил</emphasis> " +"забезпечується ненадання користувачам ширших дозволів, ніж це було визначено " +"на сервері. Оновлення цього типу виконується під час кожного запуску " +"користувачем sudo. Під час оновлення буде виявлено всі правила, які " +"стосуються користувача, перевірено, чи не завершено строк дії цих правил, і " +"повторно отримано правила, якщо строк дії правил завершено. Якщо якихось з " +"правил не буде виявлено на сервері, SSSD виконає позачергове повне " +"оновлення, оскільки може виявитися, що було вилучено набагато більше правил " +"(які стосуються інших користувачів)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" +"Якщо увімкнено, SSSD зберігатиме лише правила, які можна застосувати до " +"цього комп’ютера. Це означає, що зберігатимуться правила, що містять у " +"атрибуті <emphasis>sudoHost</emphasis> одне з таких значень:" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:159 +msgid "keyword ALL" +msgstr "ключове слово ALL" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:164 +msgid "wildcard" +msgstr "шаблон заміни" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:169 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "мережеву групу (у форматі «+мережева група»)" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:174 +msgid "hostname or fully qualified domain name of this machine" +msgstr "назву вузла або повну назву у домені цього комп’ютера" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:179 +msgid "one of the IP addresses of this machine" +msgstr "одну з IP-адрес цього комп’ютера" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:184 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "одну з IP-адрес мережі (у форматі «адреса/маска»)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:190 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Для точного налаштовування поведінки передбачено доволі багато параметрів " +"Будь ласка, зверніться до розділу «ldap_sudo_*» у <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> та «sudo_*» у <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, щоб ознайомитися з " +"докладним описом." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "sssd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "Фонова служба безпеки системи" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sssd</command> <arg choice='opt'> <replaceable>параметри</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" +"У <command>SSSD</command> передбачено набір фонових служб для керування " +"доступом до віддалених каталогів та механізмами розпізнавання. " +"<command>SSSD</command> надає операційній системі інтерфейси NSS і PAM, а " +"також систему придатних для під’єднання модулів для встановлення з’єднання з " +"декількома різними джерелами даних щодо облікових записів та інтерфейс D-" +"Bus. <command>SSSD</command> також є основою для систем перевірки " +"клієнтських систем та служб обслуговування правил доступу для проектів, " +"подібних до FreeIPA. <command>SSSD</command> надає стійкішу базу даних для " +"збереження записів локальних користувачів, а також додаткових даних щодо " +"користувачів." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>РІВЕНЬ</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-timestamps=</option><replaceable>режим</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" +"<emphasis>1</emphasis>: додати часову позначку до діагностичних повідомлень." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" +"<emphasis>0</emphasis>: вимкнути часову позначку у діагностичних " +"повідомленнях" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-microseconds=</option><replaceable>режим</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" +"<emphasis>1</emphasis>: додати значення мікросекунд до часової позначки у " +"діагностичних повідомленнях" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" +"<emphasis>0</emphasis>: вимкнути додавання мікросекунд до часової позначки" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>-f</option>,<option>--debug-to-files</option>" +msgstr "<option>-f</option>,<option>--debug-to-files</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "" +"Send the debug output to files instead of stderr. By default, the log files " +"are stored in <filename>/var/log/sssd</filename> and there are separate log " +"files for every SSSD service and domain." +msgstr "" +"Надіслати діагностичні дані до файлів, а не до stderr. Типово файли журналів " +"зберігаються у <filename>/var/log/sssd</filename>, передбачено також окремий " +"журнал для кожної служби і домену SSSD." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:97 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "<option>-D</option>,<option>--daemon</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:101 +msgid "Become a daemon after starting up." +msgstr "Перейти у режим фонової служби після запуску." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:107 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "<option>-i</option>,<option>--interactive</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:111 +msgid "Run in the foreground, don't become a daemon." +msgstr "Запустити програму у звичайному режимі, не створювати фонової служби." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:117 sss_debuglevel.8.xml:42 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "<option>-c</option>,<option>--config</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:121 sss_debuglevel.8.xml:46 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Визначити нетиповий файл налаштувань. Типовим файлом налаштувань є " +"<filename>/etc/sssd/sssd.conf</filename>. Довідку щодо синтаксису та " +"параметрів файла налаштувань можна знайти на сторінці довідника (man) " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "<option>--version</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "Вивести номер версії і завершити роботу." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:147 +msgid "Signals" +msgstr "Сигнали" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "SIGTERM/SIGINT" +msgstr "SIGTERM/SIGINT" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:153 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" +"Повідомляє SSSD, що слід поступово завершити роботу всіх дочірніх процесів, " +"а потім завершити роботу монітора." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:159 +msgid "SIGHUP" +msgstr "SIGHUP" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:162 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" +"Повідомляє SSSD, що слід припинити запис до файлів діагностичних даних з " +"поточними дескрипторами, закрити і повторно відкрити ці файли. Цей сигнал " +"призначено для полегшення процедури архівування журналів за допомогою " +"програм, подібних до logrotate." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:170 +msgid "SIGUSR1" +msgstr "SIGUSR1" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:173 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" +"Наказує SSSD імітувати автономну дію, тривалість якої визначається " +"параметром «offline_timeout». Найкориснішим застосуванням є тестування " +"служби. Сигнал може бути надіслано або процесу sssd, або процесу sssd_be " +"безпосередньо." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:182 +msgid "SIGUSR2" +msgstr "SIGUSR2" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:185 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" +"Наказує SSSD перейти у режим роботи у мережі негайно. Найкориснішим " +"застосуванням є тестування служби. Сигнал може бути надіслано або процесу " +"sssd, або процесу sssd_be безпосередньо." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:197 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in memory cache." +msgstr "" +"Якщо для змінної середовища SSS_NSS_USE_MEMCACHE встановлено значення «NO», " +"клієнтські програми не використовуватимуть fast у кеші у пам’яті." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "sss_obfuscate" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "заплутування пароля у форматі звичайного тексту" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>параметри</" +"replaceable> </arg> <arg choice='plain'><replaceable>[ПАРОЛЬ]</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" +"<command>sss_obfuscate</command> перетворює вказаний пароль на пароль у " +"форматі зручному для читання і розташовує його у розділі відповідного домену " +"файла налаштувань SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" +"Пароль у форматі звичайного тексту буде прочитано зі стандартного джерела " +"вхідних даних або введено інтерактивно. Заплутану версію пароля буде " +"збережено у параметрі з назвою «ldap_default_authtok» вказаного домену SSSD, " +"параметру «ldap_default_authtok_type» буде надано значення " +"«obfuscated_password». Докладніший опис цих параметрів можна знайти на " +"сторінці підручника (man) <citerefentry> <refentrytitle>sssd-ldap</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" +"Будь ласка, зауважте, що заплутування паролів <emphasis>не є справжнім " +"захистом</emphasis>, оскільки зловмисник може визначити алгоритм " +"заплутування за кодом програми. <emphasis>Наполегливо</emphasis> радимо вам " +"скористатися кращими механізмами захисту даних розпізнавання, зокрема " +"клієнтськими сертифікатами або GSSAPI." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "<option>-s</option>,<option>--stdin</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "" +"Пароль для заплутування буде прочитано зі стандартного джерела вхідних даних." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>ДОМЕН</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" +"Домен SSSD, для якого буде використано пароль. Типовою назвою є " +"<quote>default</quote>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" +"<option>-f</option>,<option>--file</option> <replaceable>ФАЙЛ</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "Прочитати дані з файла налаштувань, вказаного позиційним параметром." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "Типове значення: <filename>/etc/sssd/sssd.conf</filename>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +#, fuzzy +#| msgid "sss_userdel" +msgid "sss_override" +msgstr "sss_userdel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +#, fuzzy +#| msgid "" +#| "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +#| "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#| "arg>" +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>параметри</" +"replaceable> </arg> <arg " +"choice='plain'><replaceable>НАЗВА_ОБЛІКОВОГО_ЗАПИСУ</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:50 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:52 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:59 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:70 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:78 +#, fuzzy +#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" +"<option>--delattr</option> <replaceable>ПАРА_АТРИБУТ-ЗНАЧЕННЯ</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:83 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:92 +#, fuzzy +#| msgid "" +#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +#| "replaceable>" +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>ДОМЕН</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:97 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:105 +#, fuzzy +#| msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" +"<option>--setattr</option> <replaceable>ПАРА_АТРИБУТ-ЗНАЧЕННЯ</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:110 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:116 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:121 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:126 +msgid "original_name:name:uid:gid:gecos:home:shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:138 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:141 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:147 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:152 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:160 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:167 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:175 +#, fuzzy +#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" +"<option>--delattr</option> <replaceable>ПАРА_АТРИБУТ-ЗНАЧЕННЯ</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:180 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:189 +#, fuzzy +#| msgid "" +#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +#| "replaceable>" +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>ДОМЕН</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:194 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:202 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:207 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:213 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:218 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:223 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:235 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:238 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:244 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:249 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:259 +#, fuzzy +#| msgid "SUDO OPTIONS" +msgid "COMMON OPTIONS" +msgstr "ПАРАМЕТРИ SUDO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:261 +#, fuzzy +#| msgid "This option is not available in IPA provider." +msgid "Those options are available with all commands." +msgstr "Цим параметром не можна скористатися у надавачі даних IPA." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:266 +#, fuzzy +#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" +"<option>--delattr</option> <replaceable>ПАРА_АТРИБУТ-ЗНАЧЕННЯ</replaceable>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_useradd.8.xml:10 sss_useradd.8.xml:15 +msgid "sss_useradd" +msgstr "sss_useradd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_useradd.8.xml:16 +msgid "create a new user" +msgstr "створення нового запису користувача" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_useradd.8.xml:21 +msgid "" +"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" +"<command>sss_useradd</command> <arg choice='opt'> <replaceable>параметри</" +"replaceable> </arg> <arg " +"choice='plain'><replaceable>НАЗВА_ОБЛІКОВОГО_ЗАПИСУ</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_useradd.8.xml:32 +msgid "" +"<command>sss_useradd</command> creates a new user account using the values " +"specified on the command line plus the default values from the system." +msgstr "" +"<command>sss_useradd</command> створює обліковий запис користувача на основі " +"значень, вказаних у командному рядку та типових значень системи." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:43 sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" +"<option>-u</option>,<option>--uid</option> <replaceable>ідентифікатор " +"користувача</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:48 +msgid "" +"Set the UID of the user to the value of <replaceable>UID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" +"Встановити для параметра ідентифікатора користувача (UID) значення " +"<replaceable>UID</replaceable>. Якщо таке значення не буде вказано, програма " +"вибере його автоматично." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" +"<option>-c</option>,<option>--gecos</option> <replaceable>КОМЕНТАР</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" +"Будь-який рядок тексту, що описує користувача. Часто використовується для " +"зберігання паспортного імені користувача." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" +"<option>-h</option>,<option>--home</option> <replaceable>ДОМАШНІЙ_КАТАЛОГ</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:72 +msgid "" +"The home directory of the user account. The default is to append the " +"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " +"that as the home directory. The base that is prepended before " +"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" +"baseDirectory</quote> setting in sssd.conf." +msgstr "" +"Домашній каталог облікового запису користувача. Типовою назвою такого " +"каталогу є назва, що утворюється додаванням <replaceable>ІМЕНІ_КОРИСТУВАЧА</" +"replaceable> до запису <filename>/home</filename>. Рядок, який буде додано " +"перед <replaceable>ІМЕНЕМ_КОРИСТУВАЧА</replaceable>, можна визначити за " +"допомогою параметра «user_defaults/baseDirectory» у sssd.conf." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" +"<option>-s</option>,<option>--shell</option> <replaceable>ОБОЛОНКА</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:87 +msgid "" +"The user's login shell. The default is currently <filename>/bin/bash</" +"filename>. The default can be changed with <quote>user_defaults/" +"defaultShell</quote> setting in sssd.conf." +msgstr "" +"Командна оболонка реєстрації користувача. У поточній версії типовою " +"оболонкою є <filename>/bin/bash</filename>. Типову оболонку можна змінити за " +"допомогою параметра «user_defaults/defaultShell» у sssd.conf." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:96 +msgid "" +"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" +"<option>-G</option>,<option>--groups</option> <replaceable>ГРУПИ</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:101 +msgid "A list of existing groups this user is also a member of." +msgstr "Список груп, учасником яких є користувач." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:107 +msgid "<option>-m</option>,<option>--create-home</option>" +msgstr "<option>-m</option>,<option>--create-home</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:111 +msgid "" +"Create the user's home directory if it does not exist. The files and " +"directories contained in the skeleton directory (which can be defined with " +"the -k option or in the config file) will be copied to the home directory." +msgstr "" +"Створити домашній каталог користувача, якщо такого ще не існує. До такого " +"домашнього каталогу буде скопійовано файли і каталоги з каркасного каталогу " +"(який можна визначити за допомогою параметра -k або запису у файлі " +"налаштувань)." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:121 +msgid "<option>-M</option>,<option>--no-create-home</option>" +msgstr "<option>-M</option>,<option>--no-create-home</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:125 +msgid "" +"Do not create the user's home directory. Overrides configuration settings." +msgstr "" +"Не створювати домашнього каталогу користувача. Має пріоритет над іншими " +"параметрами налаштування." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:132 +msgid "" +"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +"replaceable>" +msgstr "" +"<option>-k</option>,<option>--skel</option> <replaceable>КАТАЛОГ_SKEL</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:137 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<command>sss_useradd</command>." +msgstr "" +"Каркасний каталог, який містить файли і каталоги, які буде скопійовано до " +"домашнього каталогу користувача, коли такий домашній каталог створюється " +"командою <command>sss_useradd</command>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:143 +msgid "" +"Special files (block devices, character devices, named pipes and unix " +"sockets) will not be copied." +msgstr "" +"Спеціальні файли (блокові пристрої, символьні пристрої, іменовані канали та " +"сокети UNIX) скопійовано не буде." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:147 +msgid "" +"This option is only valid if the <option>-m</option> (or <option>--create-" +"home</option>) option is specified, or creation of home directories is set " +"to TRUE in the configuration." +msgstr "" +"Цей параметр набуде чинності, лише якщо вказано параметр <option>-m</option> " +"(або <option>--create-home</option>) або для створення домашніх каталогів " +"вказано TRUE у налаштуваннях." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:156 sss_usermod.8.xml:124 +msgid "" +"<option>-Z</option>,<option>--selinux-user</option> " +"<replaceable>SELINUX_USER</replaceable>" +msgstr "" +"<option>-Z</option>,<option>--selinux-user</option> " +"<replaceable>КОРИСТУВАЧ_SELINUX</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:161 +msgid "" +"The SELinux user for the user's login. If not specified, the system default " +"will be used." +msgstr "" +"Користувач SELinux, що відповідає користувачеві, який увійшов до системи. " +"Якщо не вказано, буде використано типового користувача системи." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "sssd-krb5" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "Модуль надання даних Kerberos SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" +"На цій сторінці довідника описано налаштування засобу розпізнавання Kerberos " +"5 для <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>. Щоб дізнатися більше про синтаксис налаштування, " +"зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" +"Модуль розпізнавання Kerberos 5 містити засоби розпізнавання та зміни " +"паролів. З метою отримання належних результатів його слід використовувати " +"разом з інструментом обробки профілів (наприклад, id_provider = ldap). Деякі " +"з даних, потрібних для роботи модуля розпізнавання Kerberos 5, має бути " +"надано інструментом обробки профілів, серед цих даних Kerberos Principal " +"Name (UPN) або реєстраційне ім’я користувача. У налаштуваннях інструменту " +"обробки профілів має бути запис з визначенням UPN. Докладні настанови щодо " +"визначення такого UPN має бути викладено на сторінці довідника (man) " +"відповідного інструменту обробки профілів." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>.k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" +"У цьому інструменті керування даними також передбачено можливості керування " +"доступом, засновані на даних з файла .k5login у домашньому каталозі " +"користувача. Докладніші відомості можна отримати з підручника до " +"<citerefentry> <refentrytitle>.k5login</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>. Зауважте, що якщо файл .k5login виявиться " +"порожнім, доступ користувачеві буде заборонено. Щоб задіяти можливість " +"керування доступом, додайте рядок «access_provider = krb5» до ваших " +"налаштувань SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" +"У випадку, коли доступу до UPN у модулі профілів не передбачено, " +"<command>sssd</command> побудує UPN у форматі <replaceable>ім’я_користувача</" +"replaceable>@<replaceable>область_krb5</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" +"Визначає список IP-адрес або назв вузлів, відокремлених комами, серверів " +"Kerberos, з якими SSSD має встановлювати з’єднання. Список має бути " +"впорядковано за пріоритетом. Докладніше про резервування та додаткові " +"сервери можна дізнатися з розділу «РЕЗЕРВ». До адрес або назв вузлів може " +"бути додано номер порту (перед номером слід вписати двокрапку). Якщо " +"параметр матиме порожнє значення, буде увімкнено виявлення служб. Докладніше " +"про виявлення служб можна дізнатися з розділу «ПОШУК СЛУЖБ»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" +"Назва області Kerberos. Цей параметр є обов’язковим, його неодмінно слід " +"вказати." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "krb5_kpasswd, krb5_backup_kpasswd (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" +"Якщо службу зміни паролів не запущено на KDC, тут можна визначити " +"альтернативні сервери. До адрес або назв вузлів можна додати номер порту " +"(перед яким слід вписати двокрапку)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" +"Додаткові відомості щодо резервних серверів можна знайти у розділі «РЕЗЕРВ». " +"Зауваження: навіть якщо список всіх серверів kpasswd буде вичерпано, модуль " +"не перемкнеться у автономний режим роботи, якщо розпізнавання за KDC " +"залишатиметься можливим." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "Типове значення: використання KDC" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "krb5_ccachedir (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" +"Каталог для зберігання кешу реєстраційних даних. Тут також можна " +"використовувати усі замінники з krb5_ccname_template, окрім %d та %P. " +"Каталог створюється як конфіденційний, власником є користувач, права доступу " +"— 0700." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "Типове значення: /tmp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "krb5_ccname_template (рядок)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "%u" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "ім'я користувача" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "%U" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "ідентифікатор користувача" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "%p" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "назва реєстраційного запису" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "%r" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "назва області" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 +msgid "%h" +msgstr "%h" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108 +msgid "home directory" +msgstr "домашній каталог" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "%d" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "значення krb5_ccachedir" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:27 +msgid "%P" +msgstr "%P" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "ідентифікатор процесу клієнтської частини SSSD" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:45 +msgid "%%" +msgstr "%%" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:46 +msgid "a literal '%'" +msgstr "символ відсотків («%»)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" +"Розташування кешу з реєстраційними даними користувача У поточній версії " +"передбачено підтримку трьох типів кешу реєстраційних даних: <quote>FILE</" +"quote>, <quote>DIR</quote> та <quote>KEYRING:persistent</quote>. Кеш може " +"бути вказано або у форматі <replaceable>ТИП:РЕШТА</replaceable>, або у " +"форматі абсолютного шляху (тоді вважається, що типом кешу є <quote>FILE</" +"quote>). У шаблоні передбачено можливість використання таких послідовностей-" +"замінників: <placeholder type=\"variablelist\" id=\"0\"/> Якщо шаблон " +"завершується послідовністю «XXXXXX», для безпечного створення назви файла " +"використовується mkstemp(3)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" +"Якщо використовуються типи KEYRING, єдиним підтримуваним механізмом є " +"«KEYRING:persistent:%U», тобто використання сховища ключів ядра Linux для " +"зберігання реєстраційних даних на основі поділу за UID. Цей варіант є " +"рекомендованим, оскільки це найбезпечніший та найпередбачуваніший спосіб." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" +"Типове значення назви кешу реєстраційних даних буде запозичено з " +"загальносистемного профілю, що зберігається у файлі налаштувань krb5.conf, " +"розділ [libdefaults]. Назва параметра — default_ccache_name. Див. розділ " +"щодо розгортання параметрів (PARAMETER EXPANSION) у довідці щодо krb5." +"conf(5), щоб отримати додаткові дані щодо формату розгортання, використаного " +"у krb5.conf." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" +"ЗАУВАЖЕННЯ: майте на увазі, що шаблон розширення ccache libkrb5 з " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> використовує інші послідовності розширення, що не " +"збігаються із використаними у SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "Типове значення: (з libkrb5)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_auth_timeout (integer)" +msgstr "krb5_auth_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" +"Час очікування, по завершенню якого буде перервано запит щодо розпізнавання " +"або зміни пароля у мережі. Якщо це можливо, обробку запиту щодо " +"розпізнавання буде продовжено у автономному режимі." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:257 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" +"Перевірити за допомогою krb5_keytab, чи отриманий TGT не було підмінено. " +"Перевірка записів у таблиці ключів виконується послідовно. Для перевірки " +"використовується перший запис з відповідним значенням області. Якщо не буде " +"знайдено жодного відповідного області запису, буде використано останній " +"запис з таблиці ключів. Цим процесом можна скористатися для перевірки " +"середовищ за допомогою зв’язків довіри між записами областей: достатньо " +"розташувати відповідний запис таблиці ключів на останньому місці або зробити " +"його єдиним записом у файлі таблиці ключів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:272 +msgid "krb5_keytab (string)" +msgstr "krb5_keytab (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:275 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" +"Розташування таблиці ключів, якою слід скористатися під час перевірки " +"реєстраційних даних, отриманих від KDC." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:279 +msgid "Default: /etc/krb5.keytab" +msgstr "Типове значення: /etc/krb5.keytab" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:285 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "krb5_store_password_if_offline (булівське значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:288 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" +"Зберігати пароль користувача, якщо засіб перевірки перебуває поза мережею, і " +"використовувати його для запитів TGT після встановлення з’єднання з засобом " +"перевірки." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:293 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" +"Зауваження: ця можливість у поточній версії доступна лише на платформі " +"Linux. Паролі зберігатимуться у форматі звичайного тексту (без шифрування) у " +"сховищі ключів ядра, потенційно до них може отримати доступ адміністративний " +"користувач (root), але йому для цього слід буде подолати деякі перешкоди." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:306 +msgid "krb5_renewable_lifetime (string)" +msgstr "krb5_renewable_lifetime (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:309 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" +"Надіслати запит щодо поновлюваного квитка з загальним строком дії, вказаним " +"за допомогою цілого числа, за яким одразу вказано одиницю часу:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "<emphasis>s</emphasis> — секунди" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:351 sssd-krb5.5.xml:388 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "<emphasis>m</emphasis> — хвилини" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:320 sssd-krb5.5.xml:354 sssd-krb5.5.xml:391 +msgid "<emphasis>h</emphasis> for hours" +msgstr "<emphasis>h</emphasis> — години" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:323 sssd-krb5.5.xml:357 sssd-krb5.5.xml:394 +msgid "<emphasis>d</emphasis> for days." +msgstr "<emphasis>d</emphasis> — дні." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:326 sssd-krb5.5.xml:397 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" +"Якщо одиниці часу не буде вказано, вважатиметься, що використано одиницю " +"<emphasis>s</emphasis>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:330 sssd-krb5.5.xml:401 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" +"Зауваження: не можна використовувати одразу декілька одиниць. Якщо вам " +"потрібно встановити строк дії у півтори години, слід вказати «90m», а не " +"«1h30m»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:335 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "Типове значення: не встановлено, тобто TGT не є оновлюваним" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:341 +msgid "krb5_lifetime (string)" +msgstr "krb5_lifetime (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:344 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" +"Надіслати запит щодо квитка з загальним строком дії, вказаним за допомогою " +"цілого числа, за яким одразу вказано одиницю часу:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:360 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" +"Якщо одиниці часу не буде вказано, вважатиметься, що використано одиницю " +"<emphasis>s</emphasis>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:364 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" +"Зауваження: не можна використовувати одразу декілька одиниць. Якщо вам " +"потрібно встановити строк дії у півтори години, слід вказати «90m», а не " +"«1h30m»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:369 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" +"Типове значення: не встановлено, тобто типовий строк дії квитка " +"визначатиметься у налаштуваннях KDC." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:376 +msgid "krb5_renew_interval (string)" +msgstr "krb5_renew_interval (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:379 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" +"Час у секундах між двома послідовними перевірками того, чи слід оновлювати " +"записи TGT. Записи TGT оновлюються після завершення приблизно половини " +"їхнього строку дії, що задається як ціле число з наступним позначенням " +"одиниці часу:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:406 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" +"Якщо значення для цього параметра встановлено не буде або буде встановлено " +"значення 0, автоматичного оновлення не відбуватиметься." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:424 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" +"<emphasis>never</emphasis> використовувати FAST, рівнозначний варіанту, за " +"якого значення цього параметра взагалі не задається." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:428 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" +"<emphasis>try</emphasis> — використовувати FAST. Якщо на сервері не " +"передбачено підтримки FAST, продовжити розпізнавання без FAST." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:438 +msgid "Default: not set, i.e. FAST is not used." +msgstr "Типове значення: не встановлено, тобто FAST не використовується." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "NOTE: a keytab is required to use FAST." +msgstr "" +"Зауваження: будь ласка, зауважте, що для використання FAST потрібна таблиця " +"ключів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:453 +msgid "krb5_fast_principal (string)" +msgstr "krb5_fast_principal (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:456 +msgid "Specifies the server principal to use for FAST." +msgstr "" +"Визначає реєстраційний запис сервера, який слід використовувати для FAST." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:465 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" +"Визначає, чи слід перетворювати реєстраційний запис вузла і користувача у " +"канонічну форму. Цю можливість передбачено з версії MIT Kerberos 1.7." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:514 +msgid "Default: false (AD provider: true)" +msgstr "Типове значення: false (надається AD: true)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:520 +msgid "krb5_map_user (string)" +msgstr "krb5_map_user (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:523 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" +"Список прив’язок визначається як список пар «користувач:основа», де " +"«користувач» — ім’я користувача UNIX, а «основа» — частина щодо користувача " +"у реєстраційному записі kerberos. Ця прив’язка використовується, якщо " +"користувач проходить розпізнавання із використанням «auth_provider = krb5»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:535 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:540 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" +"<quote>joe</quote> і <quote>dick</quote> — імена користувачів UNIX, а " +"<quote>juser</quote> і <quote>richard</quote> основні частини реєстраційних " +"записів kerberos. Для користувачів <quote>joe</quote> та, відповідно, " +"<quote>dick</quote> SSSD намагатиметься виконати ініціалізацію kinit як " +"<quote>juser@REALM</quote> і, відповідно, <quote>richard@REALM</quote>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Якщо у домені SSSD використано auth-module krb5, має бути використано " +"вказані нижче параметри. Зверніться до сторінки довідника (man) " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, розділ «РОЗДІЛИ ДОМЕНІВ», щоб дізнатися більше " +"про налаштування домену SSSD. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:566 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" +"У наведеному нижче прикладі припускається, що SSSD налаштовано належним " +"чином, а FOO є одним з доменів у розділі <replaceable>[sssd]</replaceable>. " +"У прикладі продемонстровано лише налаштування розпізнавання аз допомогою " +"Kerberos, там не вказано інструменту обробки профілів." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:574 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 +msgid "sss_groupadd" +msgstr "sss_groupadd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupadd.8.xml:16 +msgid "create a new group" +msgstr "створення нової групи" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupadd.8.xml:21 +msgid "" +"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>параметри</" +"replaceable> </arg> <arg choice='plain'><replaceable>ГРУПА</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupadd.8.xml:32 +msgid "" +"<command>sss_groupadd</command> creates a new group. These groups are " +"compatible with POSIX groups, with the additional feature that they can " +"contain other groups as members." +msgstr "" +"<command>sss_groupadd</command> створює групу. Такі групи є сумісними з " +"групами POSIX. Додатковою можливістю цих груп є те, що учасниками можуть " +"бути інші групи." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupadd.8.xml:43 sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupadd.8.xml:48 +msgid "" +"Set the GID of the group to the value of <replaceable>GID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" +"Встановити для параметра ідентифікатора групи (GID) значення " +"<replaceable>GID</replaceable>. Якщо таке значення не буде вказано, програма " +"вибере його автоматично." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_userdel.8.xml:10 sss_userdel.8.xml:15 +msgid "sss_userdel" +msgstr "sss_userdel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_userdel.8.xml:16 +msgid "delete a user account" +msgstr "вилучення облікового запису користувача" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_userdel.8.xml:21 +msgid "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>параметри</" +"replaceable> </arg> <arg " +"choice='plain'><replaceable>НАЗВА_ОБЛІКОВОГО_ЗАПИСУ</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_userdel.8.xml:32 +msgid "" +"<command>sss_userdel</command> deletes a user identified by login name " +"<replaceable>LOGIN</replaceable> from the system." +msgstr "" +"<command>sss_userdel</command> вилучає обліковий запис користувача " +"<replaceable>ІМ’Я_КОРИСТУВАЧА</replaceable> з системи." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:44 +msgid "<option>-r</option>,<option>--remove</option>" +msgstr "<option>-r</option>,<option>--remove</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:48 +msgid "" +"Files in the user's home directory will be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" +"Файли у домашньому каталозі користувача буде вилучено разом з самим домашнім " +"каталогом та поштовим буфером користувача. Може бути перевизначено у " +"налаштуваннях." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:56 +msgid "<option>-R</option>,<option>--no-remove</option>" +msgstr "<option>-R</option>,<option>--no-remove</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:60 +msgid "" +"Files in the user's home directory will NOT be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" +"Файли у домашньому каталозі користувача НЕ буде вилучено разом з самим " +"домашнім каталогом та поштовим буфером користувача. Може бути перевизначено " +"у налаштуваннях." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:68 +msgid "<option>-f</option>,<option>--force</option>" +msgstr "<option>-f</option>,<option>--force</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:72 +msgid "" +"This option forces <command>sss_userdel</command> to remove the user's home " +"directory and mail spool, even if they are not owned by the specified user." +msgstr "" +"За допомогою цього параметра можна примусити <command>sss_userdel</command> " +"вилучати домашній каталог користувача та буфер пошти, навіть якщо їхнім " +"власником не є вказаний користувач." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:80 +msgid "<option>-k</option>,<option>--kick</option>" +msgstr "<option>-k</option>,<option>--kick</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:84 +msgid "Before actually deleting the user, terminate all his processes." +msgstr "" +"До вилучення запису користувача завершити роботу всіх процесів, власником " +"яких є цей користувач." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 +msgid "sss_groupdel" +msgstr "sss_groupdel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupdel.8.xml:16 +msgid "delete a group" +msgstr "вилучення групи" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupdel.8.xml:21 +msgid "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>параметри</" +"replaceable> </arg> <arg choice='plain'><replaceable>ГРУПА</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupdel.8.xml:32 +msgid "" +"<command>sss_groupdel</command> deletes a group identified by its name " +"<replaceable>GROUP</replaceable> from the system." +msgstr "" +"<command>sss_groupdel</command> вилучає групу, вказану за допомогою " +"аргументу <replaceable>ГРУПА</replaceable>, з системи." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 +msgid "sss_groupshow" +msgstr "sss_groupshow" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupshow.8.xml:16 +msgid "print properties of a group" +msgstr "показ параметрів групи" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupshow.8.xml:21 +msgid "" +"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" +"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>параметри</" +"replaceable> </arg> <arg choice='plain'><replaceable>ГРУПА</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupshow.8.xml:32 +msgid "" +"<command>sss_groupshow</command> displays information about a group " +"identified by its name <replaceable>GROUP</replaceable>. The information " +"includes the group ID number, members of the group and the parent group." +msgstr "" +"<command>sss_groupshow</command> показує дані щодо групи, вказаної за " +"назвою, <replaceable>ГРУПА</replaceable>. Серед даних буде ідентифікаційний " +"номер групи, кількість учасників групи та назва батьківської групи." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupshow.8.xml:43 +msgid "<option>-R</option>,<option>--recursive</option>" +msgstr "<option>-R</option>,<option>--recursive</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupshow.8.xml:47 +msgid "" +"Also print indirect group members in a tree-like hierarchy. Note that this " +"also affects printing parent groups - without <option>R</option>, only the " +"direct parent will be printed." +msgstr "" +"Вивести також список непрямих учасників групи у форматі деревоподібної " +"ієрархії. Зауважте, що використання параметра також вплине на виведення " +"батьківських груп: без <option>R</option> буде виведено список лише " +"безпосередніх батьківських груп." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_usermod.8.xml:10 sss_usermod.8.xml:15 +msgid "sss_usermod" +msgstr "sss_usermod" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_usermod.8.xml:16 +msgid "modify a user account" +msgstr "зміна облікового запису користувача" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_usermod.8.xml:21 +msgid "" +"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" +"<command>sss_usermod</command> <arg choice='opt'> <replaceable>параметри</" +"replaceable> </arg> <arg choice='plain'><replaceable>ІМ’Я_КОРИСТУВАЧА</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_usermod.8.xml:32 +msgid "" +"<command>sss_usermod</command> modifies the account specified by " +"<replaceable>LOGIN</replaceable> to reflect the changes that are specified " +"on the command line." +msgstr "" +"<command>sss_usermod</command> змінює параметри облікового запису " +"<replaceable>ІМ’Я_КОРИСТУВАЧА</replaceable> відповідно до значень, вказаних " +"у командному рядку." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:60 +msgid "The home directory of the user account." +msgstr "Домашній каталог облікового запису користувача." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:71 +msgid "The user's login shell." +msgstr "Оболонка для входу користувача до системи." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:82 +msgid "" +"Append this user to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" +"Додати запис користувача до груп, вказаних за допомогою параметра " +"<replaceable>ГРУПИ</replaceable>. Параметр <replaceable>ГРУПИ</replaceable> " +"є списком груп, відокремлених комами." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:96 +msgid "" +"Remove this user from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" +"Вилучає запис користувача з груп, вказаних за допомогою параметра " +"<replaceable>ГРУПИ</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:103 +msgid "<option>-l</option>,<option>--lock</option>" +msgstr "<option>-l</option>,<option>--lock</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:107 +msgid "Lock the user account. The user won't be able to log in." +msgstr "" +"Заблокувати обліковий запис користувача. Заблокований користувач не зможе " +"входити до системи." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:114 +msgid "<option>-u</option>,<option>--unlock</option>" +msgstr "<option>-u</option>,<option>--unlock</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:118 +msgid "Unlock the user account." +msgstr "Розблокувати обліковий запис користувача." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:129 +msgid "The SELinux user for the user's login." +msgstr "Ім’я користувача SELinux, що відповідає імені для входу до системи." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:135 +msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" +"<option>--addattr</option> <replaceable>ПАРА_АТРИБУТ-ЗНАЧЕННЯ</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:140 +msgid "Add an attribute/value pair. The format is attrname=value." +msgstr "Додати пару атрибут-значення. Форматування: атрибут=значення." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:147 +msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" +"<option>--setattr</option> <replaceable>ПАРА_АТРИБУТ-ЗНАЧЕННЯ</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:152 +msgid "" +"Set an attribute to a name/value pair. The format is attrname=value. For " +"multi-valued attributes, the command replaces the values already present" +msgstr "" +"Встановити для вказаного за назвою атрибута значення. Форматування: " +"атрибут=значення. Для атрибутів з декількома значеннями команда призведе до " +"заміни поточних значень." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:160 +msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" +"<option>--delattr</option> <replaceable>ПАРА_АТРИБУТ-ЗНАЧЕННЯ</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:165 +msgid "Delete an attribute/value pair. The format is attrname=value." +msgstr "Вилучити пару атрибут-значення. Форматування: атрибут=значення." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "sss_cache" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "виконати спорожнення кешу" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>параметри</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online." +msgstr "" +"<command>sss_cache</command> скасовує визначення записів у кеші SSSD. Дані " +"записів зі скасованими визначеннями буде перезавантажено з сервера у " +"примусовому порядку, щойно відповідний модуль SSSD отримає до них доступ." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:42 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "<option>-E</option>,<option>--everything</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:46 +msgid "Invalidate all cached entries except for sudo rules." +msgstr "Скасувати чинність усіх кешованих записів, окрім правил sudo." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:52 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" +"<option>-u</option>,<option>--user</option> <replaceable>реєстраційні дані</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:57 +msgid "Invalidate specific user." +msgstr "Скасувати визначення вказаного користувача." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:63 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "<option>-U</option>,<option>--users</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:67 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" +"Скасувати визначення всіх записів. Цей параметр має вищий пріоритет за " +"параметр скасування визначення для будь-якого користувача, якщо такий " +"параметр вказано." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:74 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" +"<option>-g</option>,<option>--group</option> <replaceable>група</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:79 +msgid "Invalidate specific group." +msgstr "Скасувати визначення вказаної групи." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:85 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "<option>-G</option>,<option>--groups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:89 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" +"Скасувати визначення записів для всіх груп. Цей параметр має вищий пріоритет " +"за параметр скасування визначення для будь-якої групи, якщо такий параметр " +"вказано." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:96 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>мережева група</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:101 +msgid "Invalidate specific netgroup." +msgstr "Скасувати визначення вказаної мережевої групи." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:107 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "<option>-N</option>,<option>--netgroups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:111 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" +"Скасувати визначення всіх записів мережевих груп. Цей параметр має вищий " +"пріоритет за параметр скасування визначення для будь-якої мережевої групи, " +"якщо такий параметр вказано." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:118 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" +"<option>-s</option>,<option>--service</option> <replaceable>служба</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:123 +msgid "Invalidate specific service." +msgstr "Скасувати визначення вказаної служби." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:129 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "<option>-S</option>,<option>--services</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:133 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" +"Скасувати визначення всіх записів служб. Цей параметр має вищий пріоритет за " +"параметр скасування визначення для будь-якої служби, якщо такий параметр " +"вказано." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:140 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>карта autofs</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:145 +msgid "Invalidate specific autofs maps." +msgstr "Скасувати визначення певної карти autofs." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:151 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "<option>-A</option>,<option>--autofs-maps</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:155 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" +"Скасувати визначення всіх записів карт autofs. Цей параметр має вищий " +"пріоритет за параметр скасування визначення для будь-якої карти, якщо такий " +"параметр вказано." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:162 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>назва вузла</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:167 +msgid "Invalidate SSH public keys of a specific host." +msgstr "Скасувати чинність відкритих ключів SSH певного вузла." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:173 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "<option>-H</option>,<option>--ssh-hosts</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:177 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" +"Скасувати чинність усіх відкритих ключів SSH усіх вузлів. Цей параметр " +"перевизначає скасовування чинності ключів SSH певних вузлів, якщо для них " +"було використано таке скасовування." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:185 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>домен</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:190 +msgid "Restrict invalidation process only to a particular domain." +msgstr "Обмежити процедуру скасування визначення лише певним доменом." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "sss_debuglevel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "change debug level while SSSD is running" +msgstr "змінити рівень діагностики протягом сеансу роботи з SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg " +"choice='plain'><replaceable>НОВИЙ_РІВЕНЬ_ДІАГНОСТИКИ</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> changes debug level of SSSD monitor and " +"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " +"running." +msgstr "" +"<command>sss_debuglevel</command> змінює рівень діагностики засобу " +"спостереження та надавачів даних SSSD на вказане значення " +"<replaceable>НОВИЙ_РІВЕНЬ_ДІАГНОСТИКИ</replaceable> під час роботи SSSD." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_debuglevel.8.xml:59 +msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" +msgstr "<replaceable>НОВИЙ_РІВЕНЬ_ДІАГНОСТИКИ</replaceable>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "sss_seed" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "надсилає дані кешу SSSD щодо користувача" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>параметри</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>ДОМЕН</replaceable></" +"arg> <arg choice='plain'>-n <replaceable>КОРИСТУВАЧ</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" +"<command>sss_seed</command> розповсюджує кеш SSSD з записом користувача і " +"тимчасовим паролем. Якщо запис користувача вже є у кеші SSSD, запис буде " +"оновлено зі встановленням тимчасового пароля." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-D</option>,<option>--domain</option> <replaceable>ДОМЕН</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" +"Визначає назву домену, учасником якого є користувач. Домен використовується " +"для отримання даних щодо користувачів. Домен має бути налаштовано у sssd." +"conf. Має бути надано аргумент <replaceable>ДОМЕН</replaceable>. Дані, " +"отримані з домену, матимуть вищий пріоритет за дані, вказані за допомогою " +"параметрів." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--username</option> <replaceable>КОРИСТУВАЧ</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" +"Ім’я користувача, запис якого слід створити або змінити у кеші. Має бути " +"вказано аргумент <replaceable>КОРИСТУВАЧ</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "Встановити UID користувача у значення <replaceable>UID</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "Встановити GID користувача у значення <replaceable>GID</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" +"Встановити домашній каталог користувача у значення " +"<replaceable>ДОМАШНІЙ_КАТАЛОГ</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" +"Встановити оболонку реєстрації користувача у значення <replaceable>ОБОЛОНКА</" +"replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" +"Інтерактивний режим для введення даних користувача. У разі використання " +"цього параметра програма надсилатиме запит лише щодо даних, які не було " +"отримано з параметрів команди або домену." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" +"<option>-p</option>,<option>--password-file</option> " +"<replaceable>ФАЙЛ_ПАРОЛІВ</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" +"Вказати файл, звідки слід читати дані щодо паролів користувачів. Якщо пароль " +"не буде знайдено, програма надішле запит на його введення." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" +"Довжина пароля (або розмір файла, визначеного за допомогою параметра -p або " +"--password-file) має бути меншою або рівною PASS_MAX байтів (64 байти у " +"системах без визначеного на загальному рівні значення PASS_MAX)." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "sssd-ifp" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "Відповідач InfoPipe SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"На цій сторінці довідника описано налаштування засобу надання відповідей " +"InfoPipe для <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. Щоб дізнатися більше про синтаксис " +"налаштування, зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" +"Відповідач InfoPipe забезпечує роботу відкритого інтерфейсу D-Bus над " +"системним каналом повідомлень. За допомогою цього інтерфейсу користувачі " +"можуть надсилати загальносистемним каналом повідомлень запити щодо " +"інформації про віддалених користувачів і групи." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:46 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" +"Цими параметрами можна скористатися для налаштовування відповідача InfoPipe." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:53 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" +"Визначає список значень UID або імен користувачів, відокремлених комами. " +"Користувачам з цього списку буде дозволено доступ до відповідача InfoPipe. " +"UID за іменами користувачів визначатимуться під час запуску." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:59 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" +"Типове значення: 0 (доступ до відповідача InfoPipe має лише адміністративний " +"користувач (root))" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:63 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" +"Будь ласка, зауважте, що хоча типово використовується UID 0, значення UID " +"буде перевизначено на основі цього параметра. Якщо ви хочете надати " +"адміністративному користувачеві (root) доступ до відповідача InfoPipe, що " +"може бути типовим варіантом, вам слід додати до списку UID з правами доступу " +"запис 0." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:77 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" +"Визначає список атрибутів з «білого» або «чорного» списків, відокремлених " +"комами." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:91 +msgid "name" +msgstr "name" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:92 +msgid "user's login name" +msgstr "реєстраційне ім’я користувача" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:95 +msgid "uidNumber" +msgstr "uidNumber" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:96 +msgid "user ID" +msgstr "ідентифікатор користувача" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:99 +msgid "gidNumber" +msgstr "gidNumber" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:100 +msgid "primary group ID" +msgstr "ідентифікатор основної групи" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:103 +msgid "gecos" +msgstr "gecos" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:104 +msgid "user information, typically full name" +msgstr "дані щодо користувача, типово ім’я повністю" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "homeDirectory" +msgstr "homeDirectory" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "loginShell" +msgstr "loginShell" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user shell" +msgstr "командна оболонка користувача" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:81 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"Типово, відповідач InfoPipe надає дані лише щодо типового набору атрибутів " +"POSIX. Цей набір є тим самим, який повертає програма <citerefentry> " +"<refentrytitle>getpwnam</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>, його елементи: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:125 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:117 +msgid "" +"It is possible to add another attribute to this set by using <quote>" +"+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Ви можете додати інший атрибут до цього набору за допомогою параметра " +"«+назва_атрибута» або явним чином виключити атрибут за допомогою параметра «-" +"назва_атрибута». Наприклад, щоб дозволити «telephoneNumber», але заборонити " +"«loginShell», вам слід скористатися такими налаштуваннями: <placeholder type=" +"\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:129 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" +"Типове значення: не встановлено. Дозволено лише типовий набір атрибутів " +"POSIX." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:139 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:144 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Розробник (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Розробник (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "sss_rpcidmapd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "Директиви налаштовування додатка sss для rpc.idmapd" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "ФАЙЛ НАЛАШТУВАНЬ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" +"Файл налаштувань rpc.idmapd зазвичай зберігається тут: <emphasis>/etc/idmapd." +"conf</emphasis>. Див. підручник з <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, щоб дізнатися " +"більше.\n" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "РОЗШИРЕННЯ НАЛАШТОВУВАННЯ SSS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "Вмикання додатка SSS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" +"У розділі «[Translation]» змініть або додайте атрибут «Method» із вмістом " +"<emphasis>sss</emphasis>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "Розділ налаштовування [sss]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" +"Якщо вам потрібно змінити типове значення одного з атрибутів налаштувань, " +"перелічених нижче, додатка <emphasis>sss</emphasis>, вам слід створити " +"розділ налаштувань для нього з назвою «[sss]»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "Атрибути налаштувань" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "memcache (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "Визначає, чи слід використовувати методику оптимізації кешу у пам’яті." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "ІНТЕГРАЦІЯ З SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" +"Додаток sss потребує вмикання <emphasis>Відповідача NSS</emphasis> у sssd." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" +"Атрибут «use_fully_qualified_names» має бути увімкнено для усіх доменів " +"(клієнти NFSv4 очікують на те, що надсилається назва повністю)." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" +"[General]\n" +"Verbosity = 2\n" +"# домен має бути синхронізовано між сервером NFSv4 та клієнтами\n" +"# У Solaris/Illumos/AIX типово використовується \"локальний домен\"!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"У наведеному нижче прикладі показано мінімальний вигляд idmapd.conf, де " +"використовується додаток sss. <placeholder type=\"programlisting\" id=\"0\"/" +">" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "ТАКОЖ ПЕРЕГЛЯНЬТЕ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "sss_ssh_authorizedkeys" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "1" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "отримати уповноважені ключі OpenSSH" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>параметри</replaceable> </arg> <arg " +"choice='plain'><replaceable>КОРИСТУВАЧ</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" +"<command>sss_ssh_authorizedkeys</command> отримує відкриті ключі SSH для " +"користувача <replaceable>КОРИСТУВАЧ</replaceable> і виводить їх у форматі " +"authorized_keys OpenSSH (щоб дізнатися більше, див. розділ <quote>ФОРМАТ " +"ФАЙЛІВ AUTHORIZED_KEYS</quote> на сторінці підручника (man) з " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" +"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> options." +msgstr "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> можна налаштувати на використання " +"<command>sss_ssh_authorizedkeys</command> для розпізнавання користувачів за " +"відкритими ключами, якщо програму зібрано з підтримкою параметра " +"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> <quote>AuthorizedKeysCommand</quote> або " +"<quote>PubkeyAgent</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:58 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:51 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" +"Якщо передбачено підтримку <quote>AuthorizedKeysCommand</quote>, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> можна налаштувати на використання ключів за допомогою таких " +"інструкцій у <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting" +"\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:70 +#, no-wrap +msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" +msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:63 +msgid "" +"If <quote>PubkeyAgent</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by using the following directive " +"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" +"Якщо передбачено підтримку <quote>PubkeyAgent</quote>, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> може бути налаштовано на використання ключів за допомогою " +"такої інструкції <citerefentry> <refentrytitle>sshd</refentrytitle> " +"<manvolnum>8</manvolnum></citerefentry>: <placeholder type=\"programlisting" +"\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:85 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" +"Шукати відкриті ключі користувачів у домені SSSD <replaceable>ДОМЕН</" +"replaceable>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92 +msgid "EXIT STATUS" +msgstr "СТАН ВИХОДУ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" +"У випадку успіху значення стану виходу дорівнює 0. У всіх інших випадках " +"програма повертає 1." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "sss_ssh_knownhostsproxy" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "отримати ключі вузла OpenSSH" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>параметри</replaceable> </arg> <arg " +"choice='plain'><replaceable>ВУЗОЛ</replaceable></arg> <arg " +"choice='opt'><replaceable>КОМАНДА_ПРОКСІ</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and estabilishes connection to the host." +msgstr "" +"<command>sss_ssh_knownhostsproxy</command> отримує відкриті ключі вузла SSH " +"для вузла <replaceable>ВУЗОЛ</replaceable>, зберігає їх до нетипового файла " +"OpenSSH known_hosts (щоб дізнатися більше, ознайомтеся з розділом " +"<quote>ФОРМАТ ФАЙЛІВ SSH_KNOWN_HOSTS</quote> сторінки підручника (man) " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry>) за адресою <filename>/var/lib/sss/pubconf/known_hosts</" +"filename> і встановлює з’єднання з вузлом." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" +"Якщо вказано параметр <replaceable>КОМАНДА_ПРОКСІ</replaceable>, замість " +"відкриття сокета для створення з’єднання буде використано відповідну команду." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> можна налаштувати на використання " +"<command>sss_ssh_knownhostsproxy</command> для розпізнавання вузлів за " +"ключами за допомогою таких інструкцій у налаштуваннях " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" +"<option>-p</option>,<option>--port</option> <replaceable>ПОРТ</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" +"Використовувати для встановлення з’єднання з вузлом порт <replaceable>ПОРТ</" +"replaceable>. Типовим портом є порт 22." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" +"Шукати відкриті ключі вузлів у домені SSSD <replaceable>ДОМЕН</replaceable>." + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "ПОШУК СЛУЖБ" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" +"За допомогою можливості виявлення служб основні модулі мають змогу " +"автоматично визначати відповідні сервери для встановлення з’єднання на " +"основі даних, отриманих у відповідь на спеціальний запит до DNS. Підтримки " +"цієї можливості для резервних серверів не передбачено." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "Налаштування" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" +"Якщо серверів не буде вказано, модуль автоматично використає визначення " +"служб для пошуку сервера. Крім того, користувач може використовувати і " +"фіксовані адреси серверів і виявлення служб. Для цього слід вставити " +"особливе ключове слово, «_srv_», до списку серверів. Пріоритет визначається " +"за вказаним порядком. Ця можливість є корисною, якщо, наприклад, користувач " +"надає перевагу використанню виявлення служб, якщо це можливо, з поверненням " +"до використання певного сервера, якщо за допомогою DNS не вдасться виявити " +"жодного сервера." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "Назва домену" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" +"З докладнішими відомостями щодо параметра «dns_discovery_domain» можна " +"ознайомитися на сторінці підручника (man) <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "Протокол" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" +"Запитами зазвичай визначається протокол _tcp. Виключення документовано у " +"описі відповідного параметра." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "Також прочитайте" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" +"Докладніші відомості щодо механізмів визначення служб можна знайти у RFC " +"2782." + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "РЕЗЕРВ" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" +"Можливість резервування надає змогу модулям обробки автоматично перемикатися " +"на інші сервери, якщо спроба встановлення з’єднання з поточним сервером " +"зазнає невдачі." + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "Синтаксичні конструкції визначення резервного сервера" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" +"Список записів серверів, відокремлених комами. Між комами можна " +"використовувати довільну кількість пробілів. Порядок у списку визначає " +"пріоритет. У списку може бути будь-яка кількість записів серверів." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" +"Для кожного з параметрів налаштування з увімкненим резервним отриманням " +"існує два варіанти: <emphasis>основний</emphasis> і <emphasis>резервний</" +"emphasis>. Ідея полягає у тому, що сервери з основного списку мають вищий " +"пріоритет за резервні сервери, пошук же на резервних серверах виконується, " +"лише якщо не вдасться з’єднатися з жодним з основних серверів. Якщо буде " +"вибрано резервний сервер, встановлюється час очікування у 31 секунду. Після " +"завершення часу очікування SSSD періодично намагатиметься повторно " +"встановити з’єднання з основними серверами. Якщо спроба буде успішною, " +"поточний активний резервний сервер буде замінено на основний." + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "Механізм визначення резервного сервера" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" +"Механізмом резервного використання розрізняються окремі комп’ютери і служби. " +"Спочатку модуль намагається визначити назву вузла вказаного комп’ютера. Якщо " +"спроби визначення зазнають невдачі, комп’ютер вважатиметься від’єднаним від " +"мережі. Подальших спроб встановити з’єднання з цим комп’ютером для всіх " +"інших служб не виконуватиметься. Якщо вдасться виконати визначення, модуль " +"зробити спробу встановити з’єднання зі службою на визначеному комп’ютері. " +"Якщо спроба з’єднання зі службою не призведе до успіху, непрацездатною " +"вважатиметься лише служба, модуль автоматично перемкнеться на наступну " +"службу. Комп’ютер служби вважатиметься з’єднаним з мережею, можливі подальші " +"спроби використання інших служб." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" +"Подальші спроби встановлення з’єднання з комп’ютерами або службами, " +"позначеними як такі, що перебувають поза мережею, буде виконано за певний " +"проміжок часу. У поточній версії цей проміжок є незмінним і дорівнює 30 " +"секундам." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" +"Якщо список комп’ютерів буде вичерпано, основний модуль перейде у режим " +"автономної роботи і повторюватиме спроби з’єднання кожні 30 секунд." + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "ВСТАНОВЛЕННЯ ВІДПОВІДНОСТІ ІДЕНТИФІКАТОРІВ" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" +"Можливість встановлення відповідності ідентифікаторів надає SSSD змогу " +"працювати у режимі клієнта Active Directory без потреби для адміністраторів " +"розширювати атрибути користувача з метою підтримки атрибутів POSIX для " +"ідентифікаторів користувачів та груп." + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" +"Зауваження: якщо увімкнено встановлення відповідності ідентифікаторів, " +"атрибути uidNumber та gidNumber буде проігноровано. Так зроблено з метою " +"уникання конфліктів між автоматично визначеними та визначеними вручну " +"значеннями. Якщо вам потрібно призначити певні значення вручну, вручну " +"доведеться призначати ВСІ значення." + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" +"Будь ласка, зауважте, що зміна параметрів налаштувань, пов’язаних із " +"встановленням відповідності ідентифікаторів, призведе до зміни " +"ідентифікаторів користувачів і груп. У поточній версії SSSD зміни " +"ідентифікаторів не передбачено, отже, вам доведеться вилучити базу даних " +"SSSD. Оскільки кешовані паролі також зберігаються у базі даних, вилучення " +"бази даних слід виконувати, лише якщо сервери розпізнавання є доступними, " +"інакше користувачі не зможуть отримати потрібного їм доступу. З метою " +"кешування паролів слід виконати сеанс розпізнавання. Для вилучення бази " +"даних недостатньо використання команди <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>, процедура має складатися з декількох кроків:" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "Переконуємося, що віддалені сервери є доступними." + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "Зупиняємо роботу служби SSSD" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "Вилучаємо базу даних" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "Запускаємо службу SSSD" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" +"Крім того, оскільки зміна ідентифікаторів може потребувати коригування інших " +"властивостей системи, зокрема прав власності на файли і каталоги, варто " +"спланувати усе наперед і ретельно перевірити налаштування встановлення " +"відповідності ідентифікаторів." + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "Алгоритм встановлення відповідності" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" +"Active Directory надає значення objectSID для всіх об’єктів користувачів і " +"груп у каталозі. Таке значення objectSID можна розбити на компоненти, які " +"відповідають профілю домену Active Directory та відносному ідентифікатору " +"(RID) об’єкта користувача або групи." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" +"Алгоритмом встановлення відповідності ідентифікаторів SSSD передбачено поділ " +"діапазону доступних UID на розділи однакових розмірів, які називаються " +"«зрізами». Кожен зріз відповідає простору, доступному певному домену Active " +"Directory." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" +"Коли SSSD вперше зустрічає запис користувача або групи певного домену, SSSD " +"віддає один з доступних зрізів під цей домен. З метою уможливлення " +"відтворення такого призначення зрізів на різних клієнтських системах, зріз " +"вибирається за таким алгоритмом:" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" +"Рядок SID передається алгоритмові murmurhash3 з метою перетворення його на " +"хешоване 32-бітове значення. Для вибору зрізу використовується ціла частина " +"від ділення цього значення на загальну кількість доступних зрізів." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" +"Зауваження: за такого алгоритму можливі збіги за хешем та відповідною цілою " +"частиною від ділення. У разі виявлення таких збігів буде вибрано наступний " +"доступних зріз, але це може призвести до неможливості відтворити точно такий " +"самий набір зрізів на інших комп’ютерах (оскільки в такому разі на вибір " +"зрізів може вплинути порядок, у якому виконується обробка даних). Якщо ви " +"зіткнулися з подібною ситуацією, рекомендуємо вам або перейти на " +"використання явних атрибутів POSIX у Active Directory (вимкнути встановлення " +"відповідності ідентифікаторів) або налаштувати типовий домен з метою " +"гарантування того, що принаймні цей домен матиме еталонні дані. Докладніше " +"про це у розділі «Налаштування»." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" +"Мінімальне налаштовування (у розділі <quote>[domain/НАЗВА_ДОМЕНУ]</quote>):" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 10,001 and going up to " +"2,000,100,000. This should be sufficient for most deployments." +msgstr "" +"За типових налаштувань буде створено 10000 зрізів, кожен з яких може містити " +"до 200000 ідентифікаторів, починаючи з 10001 і аж до 2000100000. Цього має " +"вистачити для більшості розгорнутих середовищ." + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "Додаткові налаштування" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "ldap_idmap_range_min (ціле число)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" +"Визначає нижню межу діапазону ідентифікаторів POSIX, які слід " +"використовувати для встановлення відповідності SID користувачів і груп " +"Active Directory." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:127 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" +"Зауваження: цей параметр відрізняється від <quote>min_id</quote> тим, що " +"<quote>min_id</quote> працює як фільтр відповідей на запити щодо цього " +"домену, а цей параметр керує діапазоном призначення ідентифікаторів. Ця " +"відмінність є мінімальною, але загалом варто визначати <quote>min_id</quote> " +"меншим або рівним <quote>ldap_idmap_range_min</quote>" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191 +msgid "Default: 200000" +msgstr "Типове значення: 200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:142 +msgid "ldap_idmap_range_max (integer)" +msgstr "ldap_idmap_range_max (ціле число)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:145 +msgid "" +"Specifies the upper bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" +"Визначає верхню межу діапазону ідентифікаторів POSIX, які слід " +"використовувати для встановлення відповідності SID користувачів і груп " +"Active Directory." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:149 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" +"Зауваження: цей параметр відрізняється від <quote>max_id</quote> тим, що " +"<quote>max_id</quote> працює як фільтр відповідей на запити щодо цього " +"домену, а цей параметр керує діапазоном призначення ідентифікаторів. Ця " +"відмінність є мінімальною, але загалом варто визначати <quote>max_id</quote> " +"більшим або рівним <quote>ldap_idmap_range_max</quote>" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:159 +msgid "Default: 2000200000" +msgstr "Типове значення: 2000200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:164 +msgid "ldap_idmap_range_size (integer)" +msgstr "ldap_idmap_range_size (ціле число)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:167 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" +"Визначає кількість ідентифікаторів доступних на кожному зі зрізів. Якщо " +"розмір діапазону не ділиться націло на мінімальне і максимальне значення, " +"буде створено якомога більше повних зрізів." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" +"ЗАУВАЖЕННЯ: значення цього параметра має бути не меншим за значення " +"максимального запланованого до використання RID на сервері Active Directory. " +"Пошук даних та вхід для будь-яких користувачів з RID, що перевищує це " +"значення, буде неможливим." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +#, fuzzy +#| msgid "" +#| "For example, if your most recently-added Active Directory user has " +#| "objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +#| "<quote>ldap_idmap_range_size</quote> must be at least 1107." +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" +"Приклад: якщо найсвіжішим доданим користувачем Active Directory є користувач " +"з objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"«ldap_idmap_range_size» повинне мати значення, яке є не меншим за 1107." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:186 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" +"Для майбутнього можливого розширення важливо все спланувати наперед, " +"оскільки зміна цього значення призведе до зміни усіх прив’язок " +"ідентифікаторів у системі, отже зміни попередніх локальних ідентифікаторів " +"користувачів." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:196 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "ldap_idmap_default_domain_sid (рядок)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:199 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" +"Визначає SID типового домену. За допомогою цього параметра можна гарантувати " +"те, що цей домен буде завжди призначено до нульового зрізу у карті " +"ідентифікаторів без використання алгоритму murmurhash описаного вище." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:210 +msgid "ldap_idmap_default_domain (string)" +msgstr "ldap_idmap_default_domain (рядок)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:213 +msgid "Specify the name of the default domain." +msgstr "Вказати назву типового домену." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:221 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "ldap_idmap_autorid_compat (булеве значення)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:224 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" +"Змінює поведінку алгоритму встановлення відповідності ідентифікаторів так, " +"щоб обчислення відбувалися за алгоритмом подібним до алгоритму " +"<quote>idmap_autorid</quote> winbind." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:229 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monatomically with each additional domain." +msgstr "" +"Якщо встановлено цей параметр, домени призначатимуться, починаючи з " +"нульового зрізу з поступовим зростанням номерів на кожен додатковий домен." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:234 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" +"Зауваження: цей алгоритм є недетерміністичним (залежить від порядку записів " +"користувачів та груп). Якщо з метою сумісності з системою, у якій запущено " +"winbind, буде використано цей алгоритм, варто також скористатися параметром " +"<quote>ldap_idmap_default_domain_sid</quote> з метою гарантування " +"послідовного призначення принаймні одного домену до нульового зрізу." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:249 +#, fuzzy +#| msgid "ldap_idmap_range_size (integer)" +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "ldap_idmap_range_size (ціле число)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:252 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:256 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:273 +msgid "Well-Known SIDs" +msgstr "Добре відомі SID" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:275 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" +"У SSSD передбачено підтримку пошуку назв за добре відомими (Well-Known) SID, " +"тобто SID із особливим запрограмованим призначенням. Оскільки типові " +"користувачі і групи, пов’язані із цими добре відомими SID не мають " +"еквівалентів у середовищі Linux/UNIX, ідентифікаторів POSIX для цих об’єктів " +"немає." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" +"Простір назв SID упорядковано службами сертифікації, які виглядають як інші " +"домени. Службами сертифікації для добре відомих (Well-Known) SID є" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:284 +msgid "Null Authority" +msgstr "Фіктивна служба сертифікації (Null Authority)" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:285 +msgid "World Authority" +msgstr "Загальна служба сертифікації (World Authority)" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:286 +msgid "Local Authority" +msgstr "Локальна служба сертифікації (Local Authority)" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:287 +msgid "Creator Authority" +msgstr "Авторська служба сертифікації (Creator Authority)" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:288 +msgid "NT Authority" +msgstr "Служба сертифікації NT (NT Authority)" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:289 +msgid "Built-in" +msgstr "Вбудована (Built-in)" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:291 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" +"Написані літерами верхнього регістру ці назви буде використано як назви " +"доменів для повернення повних назв добре відомих (Well-Known) SID." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:295 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT " +"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain " +"names in <filename>sssd.conf</filename>." +msgstr "" +"Оскільки деякі з програм надають змогу змінювати дані щодо керування " +"доступом на основі SID за допомогою назви, а не безпосереднього " +"використання, у SSSD передбачено підтримку пошуку SID за назвою. Щоб " +"уникнути конфліктів, для пошуку добре відомих (Well-Known) SID приймаються " +"лише повні назви. Отже, не можна використовувати як назви доменів у " +"<filename>sssd.conf</filename> такі назви: «NULL AUTHORITY», «WORLD " +"AUTHORITY», «LOCAL AUTHORITY», «CREATOR AUTHORITY», «NT AUTHORITY» та " +"«BUILTIN»." + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "<option>-?</option>,<option>--help</option>" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "Показати довідкове повідомлення і завершити роботу." + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "<option>-h</option>,<option>--help</option>" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" +"У SSSD передбачено два представлення для визначення рівня діагностики. " +"Найпростішим є визначення десяткового значення у діапазоні 0-9. Кожному " +"значенню відповідає вмикання відповідного рівня діагностики і усіх нижчих " +"рівнів. Точніше визначення вмикання або вимикання (якщо це потрібно) " +"специфічних рівнів можна встановити за допомогою шістнадцяткової бітової " +"маски." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" +"Будь ласка, зауважте, що кожна служба SSSD веде журнал у власному файлі. " +"Також зауважте, що вмикання <quote>debug_level</quote> у розділі " +"<quote>[sssd]</quote> вмикає діагностику лише для самого процесу sssd, а не " +"для процесів відповідача чи надавача даних. Для отримання діагностичних " +"повідомлень слід додати параметр «debug_level» до усіх розділів, для яких " +"слід створювати журнал діагностичних повідомлень." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" +"Окрім зміни рівня ведення журналу у файлі налаштувань за допомогою параметра " +"«debug_level», який не змінюється під час роботи, але зміна якого потребує " +"перезапуску SSSD, можна змінити режим діагностики без перезапуску за " +"допомогою програми <citerefentry> <refentrytitle>sss_debuglevel</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 +msgid "Currently supported debug levels:" +msgstr "Рівні діагностики, передбачені у поточній версії:" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: критичні помилки з " +"аварійним завершенням роботи. Всі помилки, які не дають SSSD змоги розпочати " +"або продовжувати роботу." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill the SSSD, but one that indicates that at least one " +"major feature is not going to work properly." +msgstr "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: критичні помилки. " +"Помилки, які не призводять до аварійного завершення роботи SSSD, але " +"означають, що одна з основних можливостей не працює належним чином." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: серйозні помилки. " +"Повідомлення про такі помилки означають, що не вдалося виконати певний запит " +"або дію." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: незначні помилки. Це " +"помилки які можуть призвести до помилок під час виконання дій." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: параметри налаштування." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: дані функцій." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: повідомлення трасування " +"для функцій дій." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: повідомлення трасування " +"для функцій внутрішнього трасування." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: вміст внутрішніх " +"змінних функцій, який може бути цікавим." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: дані трасування " +"найнижчого рівня." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" +"Щоб до журналу було записано дані потрібних бітових масок рівнів " +"діагностики, просто додайте відповідні числа, як це показано у наведених " +"нижче прикладах:" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:85 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" +"<emphasis>Example</emphasis>: щоб до журналу було записано дані щодо " +"критичних помилок з аварійним завершенням роботи, критичних помилок, " +"серйозних помилок та дані функцій, скористайтеся рівнем діагностики 0x0270." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:89 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" +"<emphasis>Приклад</emphasis>: щоб до журналу було записано критичні помилки " +"з аварійним завершенням роботи, параметри налаштування, дані функцій та " +"повідомлення трасування для функцій внутрішнього керування, скористайтеся " +"рівнем 0x1310." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:94 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" +"<emphasis>Зауваження</emphasis>: формат бітових масок для рівнів діагностики " +"впроваджено у версії 1.7.0." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:98 +msgid "<emphasis>Default</emphasis>: 0" +msgstr "<emphasis>Типове значення</emphasis>: 0" + +#. type: Content of: outside any tag (error?) +#: include/experimental.xml:1 +msgid "" +"<emphasis> This is an experimental feature, please use http://fedorahosted." +"org/sssd to report any issues. </emphasis>" +msgstr "" +"<emphasis> Цю можливість ще не перевірено достатнім чином. Будь ласка, якщо " +"помітите якісь вади, повідомте про них за допомогою настанов на сторінці " +"http://fedorahosted.org/sssd. </emphasis>" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "ЛОКАЛЬНИЙ ДОМЕН" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" +"З метою забезпечення належної роботи слід створити домен з " +"<quote>id_provider=local</quote> та запустити SSSD." + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" +"Адміністратор може надати перевагу використанню локальних записів " +"користувачів SSSD замість традиційних записів користувачів UNIX, якщо для " +"роботи потрібна вкладеність груп (див. <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>). Використання локальних записів може також бути корисним для " +"тестування та розробки програмного забезпечення з підтримкою SSSD (у такому " +"разі не потрібно розгортати повноцінний віддалений сервер). Інструменти " +"<command>sss_user*</command> та <command>sss_group*</command> використовують " +"для зберігання записів користувачів і груп локальне сховище даних LDB." + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " +"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " +"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" +"Додатковий основний DN, область пошуку і фільтр LDAP для обмеження пошуків " +"LDAP цим типом атрибутів." + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "синтаксис: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" +"Діапазоном може бути одне зі значень, «base» (основа), «onelevel» (окремий " +"рівень) або «subtree» (піддерево). Докладніший опис діапазонів наведено у " +"розділі 4.5.1.2 документа http://tools.ietf.org/html/rfc4511" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" +"Приклади використання цих синтаксичних конструкцій можна знайти у розділі " +"прикладів «ldap_search_base»." + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" +"Будь ласка, зауважте, що підтримки визначення області або фільтра для " +"пошуків на сервері Active Directory не передбачено. Це може призвести до " +"отримання значної кількості результатів і викликати реакцію з боку " +"розширення діапазону отримання (Range Retrieval)." + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" +"Будь ласка, зауважте, що засіб автоматичного монтування читає основну карту " +"лише під час запуску, отже якщо до ssd.conf внесено будь-які пов’язані з " +"autofs зміни, типово слід перезапустити фонову службу автоматичного " +"монтування після перезапуску SSSD." + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "override_homedir (рядок)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "номер UID" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "назва домену" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "%f" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "ім’я користувача повністю (користувач@домен)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "UPN - User Principal Name (ім’я@ОБЛАСТЬ)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:31 +msgid "%o" +msgstr "%o" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:33 +msgid "The original home directory retrieved from the identity provider." +msgstr "Початкова домашня тека, отримана від служби профілів." + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:38 +msgid "%H" +msgstr "%H" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:40 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" +"Значення параметра налаштовування <emphasis>homedir_substring</emphasis>." + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Перевизначити домашній каталог користувача. Ви можете вказати абсолютне " +"значення або шаблон. У шаблоні можна використовувати такі замінники: " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:52 +msgid "This option can also be set per-domain." +msgstr "" +"Значення цього параметра можна встановлювати для кожного з доменів окремо." + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:57 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" +"override_homedir = /home/%u\n" +" " + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:61 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" +"Типове значення: не встановлено (SSSD використовуватиме значення, отримане " +"від LDAP)" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "homedir_substring (рядок)" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" +"Значення цього параметра буде використано під час розгортання параметра " +"<emphasis>override_homedir</emphasis>, якщо у шаблоні міститься рядок " +"форматування <emphasis>%H</emphasis>. Запис каталогу LDAP може безпосередньо " +"містити цей шаблон для розгортання шляху до домашнього каталогу на кожному з " +"клієнтських комп’ютерів (або у кожній з операційних систем). Значення " +"параметра можна вказати окремо для кожного з доменів або на загальному рівні " +"у розділі [nss]. Значення, вказане у розділі домену, має вищий пріоритет за " +"значення, встановлене за допомогою розділу [nss]." + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "Типове значення: /home" + +#~ msgid "" +#~ "If user is authenticating using SSH keys and account is expired then by " +#~ "default 'Permission denied' is output. This output will be changed to " +#~ "content of this variable if it is set." +#~ msgstr "" +#~ "Якщо користувач проходить розпізнавання за допомогою ключів SSH, а строк " +#~ "дії облікового запису вичерпано, буде виведено типове повідомлення про " +#~ "заборону доступу («Permission denied»). Це повідомлення буде змінено на " +#~ "вміст змінної, якщо її значення буде встановлено." + +#~ msgid "" +#~ "Please note that the default values correspond to the default schema " +#~ "which is RFC2307." +#~ msgstr "" +#~ "Будь ласка, зауважте, що типові значення відповідають типовій схемі, яку " +#~ "визначено у RFC2307." + +#~ msgid "Default: ou" +#~ msgstr "Типове значення: ou" + +#~ msgid "NOTE: This option currently supports only one interface." +#~ msgstr "" +#~ "ЗАУВАЖЕННЯ: для цього параметра у поточній версії передбачено підтримку " +#~ "лише одного інтерфейсу." --- sssd-1.13.4.orig/src/man/po/zh_CN.po +++ sssd-1.13.4/src/man/po/zh_CN.po @@ -0,0 +1,11324 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# Christopher Meng <cickumqt@gmail.com>, 2012 +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 1.12.90\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2016-04-13 16:30+0200\n" +"PO-Revision-Date: 2014-06-04 02:04-0400\n" +"Last-Translator: jhrozek <jhrozek@redhat.com>\n" +"Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/" +"language/zh_CN/)\n" +"Language: zh-CN\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: Zanata 3.8.3\n" + +#. type: Content of: <reference><title> +#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 +#: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 +#: sss_override.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5 +#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 +#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5 +#: sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 +msgid "SSSD Manual pages" +msgstr "SSSD 手册页面" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 +msgid "sss_groupmod" +msgstr "sss_groupmod" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11 +#: sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupmod.8.xml:16 +msgid "modify a group" +msgstr "变更一个组" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupmod.8.xml:21 +msgid "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 +#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 +#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 +#: sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 +#: sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 +#: sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21 +#: sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31 +msgid "DESCRIPTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupmod.8.xml:32 +msgid "" +"<command>sss_groupmod</command> modifies the group to reflect the changes " +"that are specified on the command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 +#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 +#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 +#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "选项" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 +msgid "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:48 +msgid "" +"Append this group to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 +msgid "" +"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" +"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupmod.8.xml:62 +msgid "" +"Remove this group from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" +"Remove this group from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:10 sssd.conf.5.xml:16 +msgid "sssd.conf" +msgstr "sssd.conf" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 +#: sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 +#: sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +msgid "File Formats and Conventions" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:17 +msgid "the configuration file for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:21 +msgid "FILE FORMAT" +msgstr "文件格式" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:29 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:24 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:36 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:41 +msgid "" +"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:47 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:53 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:59 +msgid "GENERAL OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:61 +msgid "Following options are usable in more than one configuration sections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:65 +msgid "Options usable in all sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:69 +msgid "debug_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:73 +msgid "debug_timestamps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:76 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:81 sssd.conf.5.xml:634 sssd.conf.5.xml:1139 +#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464 +#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272 +#: sssd-ad.5.xml:799 sssd-ad.5.xml:918 sssd-krb5.5.xml:499 +msgid "Default: true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:86 +msgid "debug_microseconds (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:89 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:94 sssd.conf.5.xml:1093 sssd.conf.5.xml:2231 +#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558 +#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139 +#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266 +#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 +msgid "Default: false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2189 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:103 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:107 +msgid "timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:110 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:115 sssd.conf.5.xml:1057 sssd-ldap.5.xml:1410 +#: include/ldap_id_mapping.xml:264 +msgid "Default: 10" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:125 +msgid "SPECIAL SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:128 +msgid "The [sssd] section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:137 sssd.conf.5.xml:2339 +msgid "Section parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:139 +msgid "config_file_version (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:142 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:148 +msgid "services" +msgstr "服务" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:151 +msgid "" +"Comma separated list of services that are started when sssd itself starts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:155 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" +"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" +"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:165 sssd.conf.5.xml:419 +msgid "reconnection_retries (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:168 sssd.conf.5.xml:422 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:173 sssd.conf.5.xml:427 +msgid "Default: 3" +msgstr "默认: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:178 +msgid "domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:181 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter described the list of domains in the order you want " +"them to be queried. A domain name should only consist of alphanumeric ASCII " +"characters, dashes, dots and underscores." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:193 sssd.conf.5.xml:2014 +msgid "re_expression (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:201 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN " +"SECTIONS for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:210 sssd.conf.5.xml:2065 +msgid "full_name_format (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:213 sssd.conf.5.xml:2068 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:224 sssd.conf.5.xml:2079 +msgid "%1$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:225 sssd.conf.5.xml:2080 +msgid "user name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:228 sssd.conf.5.xml:2083 +msgid "%2$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:231 sssd.conf.5.xml:2086 +msgid "domain name as specified in the SSSD config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:237 sssd.conf.5.xml:2092 +msgid "%3$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:240 sssd.conf.5.xml:2095 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:221 sssd.conf.5.xml:2076 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:250 +msgid "" +"Each domain can have an individual format string configured. see DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:256 +msgid "try_inotify (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:259 +msgid "" +"SSSD monitors the state of resolv.conf to identify when it needs to update " +"its internal DNS resolver. By default, we will attempt to use inotify for " +"this, and will fall back to polling resolv.conf every five seconds if " +"inotify cannot be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:267 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:273 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:277 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:284 +msgid "krb5_rcache_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:287 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:291 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:297 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:312 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:317 +msgid "default_domain_suffix (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:320 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:330 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498 +#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:609 +#: sssd-ad.5.xml:679 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550 +#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216 +msgid "Default: not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:344 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:347 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:356 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:364 +msgid "Default: not set (spaces will not be replaced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:369 +msgid "certificate_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:377 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:379 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:389 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "Default: not set, i.e. do not restrict certificate vertification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:130 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:404 +msgid "SERVICES SECTIONS" +msgstr "服务部分" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:406 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:413 +msgid "General service configuration options" +msgstr "基本服务配置选项" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:415 +msgid "These options can be used to configure any service." +msgstr "这些选项可被用于配置任何服务。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:432 +msgid "fd_limit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:435 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:444 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:449 +msgid "client_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:452 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:459 sssd.conf.5.xml:475 sssd.conf.5.xml:507 +#: sssd.conf.5.xml:765 sssd.conf.5.xml:957 sssd.conf.5.xml:1347 +#: sssd-ldap.5.xml:1237 +msgid "Default: 60" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:464 sssd.conf.5.xml:1336 +msgid "force_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:467 sssd.conf.5.xml:1339 +msgid "" +"If a service is not responding to ping checks (see the <quote>timeout</" +"quote> option), it is first sent the SIGTERM signal that instructs it to " +"quit gracefully. If the service does not terminate after " +"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " +"by sending a SIGKILL signal." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:480 +msgid "offline_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:483 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. This " +"value is in seconds and calculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:490 +msgid "offline_timeout + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "" +"The random offset can increment up to 30 seconds. After each unsuccessful " +"attempt to go online, the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:498 +msgid "new_interval = old_interval*2 + random_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"Note that the maximum length of each interval is currently limited to one " +"hour. If the calculated length of new_interval is greater than an hour, it " +"will be forced to one hour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:512 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:515 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:521 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:524 +msgid "ldap_purge_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:527 sssd-ldap.5.xml:1054 +msgid "ldap_use_tokengroups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "ldap_user_principal" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:535 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:533 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:539 sssd.conf.5.xml:1001 sssd.conf.5.xml:1026 +#: sssd.conf.5.xml:1045 sssd.conf.5.xml:1330 sssd-ldap.5.xml:1793 +msgid "Default: none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:547 +msgid "NSS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:549 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "enum_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:557 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:561 +msgid "Default: 120" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:566 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:569 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:575 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:585 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:593 +msgid "Default: 50" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:598 +msgid "entry_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:601 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:607 sssd.conf.5.xml:1117 +msgid "Default: 15" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:612 +msgid "filter_users, filter_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:615 +msgid "" +"Exclude certain users from being fetched from the sss NSS database. This is " +"particularly useful for system accounts. This option can also be set per-" +"domain or include fully-qualified names to filter only users from the " +"particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:622 +msgid "Default: root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:627 +msgid "filter_users_in_groups (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:630 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:641 +msgid "fallback_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:644 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:649 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:655 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:653 sssd.conf.5.xml:1020 sssd.conf.5.xml:1039 +#: sssd-krb5.5.xml:533 include/override_homedir.xml:55 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:659 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:665 +msgid "override_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:668 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:674 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:680 +msgid "allowed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:683 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:686 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:690 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:695 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:703 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:710 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:713 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:717 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:722 +msgid "vetoed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:725 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:730 +msgid "shell_fallback (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:733 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "Default: /bin/sh" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +msgid "default_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:745 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:751 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:758 sssd.conf.5.xml:950 +msgid "get_domains_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:761 sssd.conf.5.xml:953 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:770 +msgid "memcache_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:773 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:777 sssd-ldap.5.xml:706 +msgid "Default: 300" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:780 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:788 sssd-ifp.5.xml:74 +msgid "user_attributes (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:791 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:804 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:816 +msgid "PAM configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:818 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:823 +msgid "offline_credentials_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:831 sssd.conf.5.xml:844 +msgid "Default: 0 (No limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:837 +msgid "offline_failed_login_attempts (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:840 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:850 +msgid "offline_failed_login_delay (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:853 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:864 sssd.conf.5.xml:917 +msgid "Default: 5" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:870 +msgid "pam_verbosity (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:873 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "Currently sssd supports the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:881 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:888 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:891 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:895 sssd.8.xml:63 +msgid "Default: 1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:900 +msgid "pam_id_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:903 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:923 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:926 sssd.conf.5.xml:1550 +msgid "Display a warning N days before the password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:929 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:935 sssd.conf.5.xml:1553 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:940 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 sssd.conf.5.xml:2291 sssd.8.xml:79 +msgid "Default: 0" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:962 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:965 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAM responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:971 +msgid "Default: all (All users are allowed to access the PAM responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:975 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:982 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:985 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:989 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:993 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:997 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1006 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1009 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbostiy is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1022 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1031 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1041 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1050 +msgid "p11_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1053 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1066 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1068 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1085 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1088 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1101 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1103 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1107 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1126 +msgid "SSH configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1128 +msgid "These options can be used to configure the SSH service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1132 +msgid "ssh_hash_known_hosts (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1135 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1144 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1147 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1151 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1156 +msgid "ca_db (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1159 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1164 +msgid "Default: /etc/pki/nssdb" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1172 +msgid "PAC responder configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1174 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. " +"If the PAC is decoded and evaluated some of the following operations are " +"done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1183 +msgid "" +"If the remote user does not exist in the cache, it is created. The uid is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"gid will have the same value as the uid. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1191 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1197 +msgid "These options can be used to configure the PAC responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1201 sssd-ifp.5.xml:50 +msgid "allowed_uids (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1204 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1210 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1214 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:1228 +msgid "DOMAIN SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1235 +msgid "min_id,max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1238 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1250 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1254 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1260 +msgid "enumerate (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1263 +msgid "" +"Determines if a domain can be enumerated. This parameter can have one of the " +"following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1267 +msgid "TRUE = Users and groups are enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1270 +msgid "FALSE = No enumerations for this domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1273 sssd.conf.5.xml:1505 sssd.conf.5.xml:1672 +msgid "Default: FALSE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1276 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1289 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1294 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1302 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1310 +msgid "subdomain_enumerate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1317 +msgid "all" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1318 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1321 +msgid "none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1322 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1313 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1353 +msgid "entry_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1356 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1360 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1373 +msgid "Default: 5400" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1379 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1382 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1386 sssd.conf.5.xml:1399 sssd.conf.5.xml:1412 +#: sssd.conf.5.xml:1425 sssd.conf.5.xml:1438 sssd.conf.5.xml:1452 +#: sssd.conf.5.xml:1466 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1392 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1395 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1405 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1408 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1418 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1421 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1431 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1444 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1447 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1458 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1472 +msgid "refresh_expired_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1475 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1480 +msgid "" +"The background refresh will process users, groups and netgroups in the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1484 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1488 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227 +msgid "Default: 0 (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1494 +msgid "cache_credentials (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1497 +msgid "Determines if user credentials are also cached in the local LDB cache" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1501 +msgid "User credentials are stored in a SHA512 hash, not in plaintext" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1511 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1514 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1521 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1526 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1532 +msgid "account_cache_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1535 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1542 +msgid "Default: 0 (unlimited)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1547 +msgid "pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1558 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1565 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1571 +msgid "id_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1574 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1578 +msgid "<quote>proxy</quote>: Support a legacy NSS provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1581 sssd.conf.5.xml:1718 +msgid "<quote>local</quote>: SSSD internal provider for local users" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1585 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1593 sssd.conf.5.xml:1698 sssd.conf.5.xml:1753 +#: sssd.conf.5.xml:1806 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"FreeIPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 sssd.conf.5.xml:1707 sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1815 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "use_fully_qualified_names (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1621 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1629 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1636 +msgid "Default: FALSE (TRUE if default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1642 +msgid "ignore_group_members (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "Do not return group members for group lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1648 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1666 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1677 +msgid "auth_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1680 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 sssd.conf.5.xml:1746 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1691 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1715 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1722 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1725 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1731 +msgid "access_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1734 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1740 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1743 +msgid "<quote>deny</quote> always deny access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1770 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1777 +msgid "Default: <quote>permit</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1782 +msgid "chpass_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1785 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1790 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1798 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1823 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1827 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1830 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1837 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1840 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1844 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1852 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1856 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1860 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1863 sssd.conf.5.xml:1941 sssd.conf.5.xml:1982 +#: sssd.conf.5.xml:2007 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1867 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1884 +msgid "selinux_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1887 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1893 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1901 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1904 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1910 +msgid "subdomains_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1913 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1919 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1928 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1937 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1948 +msgid "autofs_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1951 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1955 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1970 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1979 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1989 +msgid "hostid_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1992 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1996 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2004 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2017 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +"P<name>[^@\\\\]+)$))</quote> which allows three different styles for " +"user names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2031 +msgid "username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2034 +msgid "username@domain.name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "domain\\username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2045 +msgid "" +"Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +"which translates to \"the name is everything up to the <quote>@</quote> " +"sign, the domain everything after that\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2051 +msgid "" +"PLEASE NOTE: the support for non-unique named subpatterns is not available " +"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " +"version 7 or higher can support non-unique named subpatterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2058 +msgid "" +"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" +"P<name>) to label subpatterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2105 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2111 +msgid "lookup_family_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2114 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2118 +msgid "Supported values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2121 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2124 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2127 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2130 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2133 +msgid "Default: ipv4_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2139 +msgid "dns_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2142 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the DNS " +"resolver before assuming that it is unreachable. If this timeout is reached, " +"the domain will continue to operate in offline mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2148 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263 +#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248 +msgid "Default: 6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2154 +msgid "dns_discovery_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2157 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2161 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2167 +msgid "override_gid (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2170 +msgid "Override the primary GID value with the one specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2176 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2184 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2187 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2193 +msgid "False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2195 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2199 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2202 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2179 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2214 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2220 +msgid "proxy_fast_alias (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2223 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2237 +msgid "subdomain_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2248 +msgid "%F" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2249 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2240 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2254 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2258 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2263 +msgid "realmd_tags (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2266 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2272 +msgid "cached_auth_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2275 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2281 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2285 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1230 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2303 +msgid "proxy_pam_target (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2306 +msgid "The proxy target PAM proxies to." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2309 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2317 +msgid "proxy_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2320 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2299 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" id=" +"\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2332 +msgid "The local domain section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2334 +msgid "" +"This section contains settings for domain that stores users and groups in " +"SSSD native database, that is, a domain that uses " +"<replaceable>id_provider=local</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2341 +msgid "default_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2344 +msgid "The default shell for users created with SSSD userspace tools." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2348 +msgid "Default: <filename>/bin/bash</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2353 +msgid "base_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2356 +msgid "" +"The tools append the login name to <replaceable>base_directory</replaceable> " +"and use that as the home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2361 +msgid "Default: <filename>/home</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2366 +msgid "create_homedir (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2369 +msgid "" +"Indicate if a home directory should be created by default for new users. " +"Can be overridden on command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2373 sssd.conf.5.xml:2385 +msgid "Default: TRUE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2378 +msgid "remove_homedir (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2381 +msgid "" +"Indicate if a home directory should be removed by default for deleted " +"users. Can be overridden on command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2390 +msgid "homedir_umask (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2393 +msgid "" +"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " +"on a newly created home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2401 +msgid "Default: 077" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2406 +msgid "skel_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2409 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2419 +msgid "Default: <filename>/etc/skel</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2424 +msgid "mail_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2427 +msgid "" +"The mail spool directory. This is needed to manipulate the mailbox when its " +"corresponding user account is modified or deleted. If not specified, a " +"default value is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2434 +msgid "Default: <filename>/var/mail</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2439 +msgid "userdel_cmd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2442 +msgid "" +"The command that is run after a user is removed. The command us passed the " +"username of the user being removed as the first and only parameter. The " +"return code of the command is not taken into account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2448 +msgid "Default: None, no command is run" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2458 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131 +#: sssd-ipa.5.xml:717 sssd-ad.5.xml:955 sssd-krb5.5.xml:564 +#: sss_rpcidmapd.5.xml:98 +msgid "EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:2464 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2460 +msgid "" +"The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. If the LDAP server is used only as an identity " +"provider, an encrypted channel is not needed. Please refer to " +"<quote>ldap_access_filter</quote> config option for more information about " +"using LDAP as an access provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 +msgid "CONFIGURATION OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:60 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:63 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:73 +msgid "ldap[s]://<host>[:port]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:76 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:79 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:85 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:88 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:99 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:105 +msgid "ldap_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:108 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:112 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:116 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220 +#: sss_override.8.xml:135 sss_override.8.xml:232 +msgid "Examples:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:129 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:134 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:137 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:158 +msgid "ldap_schema (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:161 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "Four schema types are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:172 +msgid "rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:177 +msgid "rfc2307bis" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:182 +msgid "IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:187 +msgid "AD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:193 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:203 +msgid "Default: rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:209 +msgid "ldap_default_bind_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:212 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:219 +msgid "ldap_default_authtok_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:222 +msgid "The type of the authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:226 +msgid "The two mechanisms currently supported are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:229 +msgid "password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:232 +msgid "obfuscated_password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:235 +msgid "Default: password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:241 +msgid "ldap_default_authtok (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:244 +msgid "" +"The authentication token of the default bind DN. Only clear text passwords " +"are currently supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:251 +msgid "ldap_user_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:254 +msgid "The object class of a user entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "Default: posixAccount" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:263 +msgid "ldap_user_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:266 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:270 +msgid "Default: uid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:276 +msgid "ldap_user_uid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:279 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "Default: uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:289 +msgid "ldap_user_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:292 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:863 +msgid "Default: gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:302 +msgid "ldap_user_gecos (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:305 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:309 +msgid "Default: gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:315 +msgid "ldap_user_home_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:318 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "Default: homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:328 +msgid "ldap_user_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:331 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:335 +msgid "Default: loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:341 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:344 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:889 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:355 +msgid "ldap_user_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:358 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:363 sssd-ldap.5.xml:904 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:370 +msgid "ldap_user_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144 +msgid "Default: modifyTimestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:383 +msgid "ldap_user_shadow_last_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:396 +msgid "Default: shadowLastChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:402 +msgid "ldap_user_shadow_min (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:405 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: shadowMin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_user_shadow_max (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:432 +msgid "Default: shadowMax" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:438 +msgid "ldap_user_shadow_warning (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:441 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:451 +msgid "Default: shadowWarning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:457 +msgid "ldap_user_shadow_inactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:460 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:470 +msgid "Default: shadowInactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:476 +msgid "ldap_user_shadow_expire (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:479 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:489 +msgid "Default: shadowExpire" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:495 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:498 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "Default: krbLastPwdChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:510 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:513 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:519 +msgid "Default: krbPasswordExpiration" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:525 +msgid "ldap_user_ad_account_expires (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:528 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:533 +msgid "Default: accountExpires" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:539 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:542 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:547 +msgid "Default: userAccountControl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:553 +msgid "ldap_ns_account_lock (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:556 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:561 +msgid "Default: nsAccountLock" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:567 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:570 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:574 sssd-ldap.5.xml:588 +msgid "Default: loginDisabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:580 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:583 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:602 +msgid "Default: loginAllowedTimeMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:608 +msgid "ldap_user_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:611 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:615 +msgid "Default: krbPrincipalName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:621 +msgid "ldap_user_extra_attrs (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:624 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:629 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:639 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:649 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:652 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:656 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:659 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:669 +msgid "ldap_user_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:672 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:676 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:682 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:685 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:698 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:701 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:712 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:715 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:721 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:736 +msgid "ldap_user_fullname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:739 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590 +msgid "Default: cn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:749 +msgid "ldap_user_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:752 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:756 +msgid "Default: memberOf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:762 +msgid "ldap_user_authorized_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:765 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:772 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:777 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:784 +msgid "Default: authorizedService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:790 +msgid "ldap_user_authorized_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:793 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:799 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:811 +msgid "Default: host" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:817 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:820 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:824 +msgid "Default: no set in the general case, userCertificate;binary for IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:831 +msgid "ldap_group_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:834 +msgid "The object class of a group entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:837 +msgid "Default: posixGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:843 +msgid "ldap_group_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:846 +msgid "The LDAP attribute that corresponds to the group name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:856 +msgid "ldap_group_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:859 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:869 +msgid "ldap_group_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:872 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:876 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:882 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:885 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:896 +msgid "ldap_group_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:899 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_group_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:924 +msgid "ldap_group_type (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:927 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:938 +msgid "Default: groupType in the AD provider, othewise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:945 +msgid "ldap_group_external_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:948 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:961 +msgid "ldap_group_nesting_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:964 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:980 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:989 +msgid "Default: 2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:995 +msgid "ldap_groups_use_matching_rule_in_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:998 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which may speed up group lookup operations on deployments with " +"complex or deep nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1004 +msgid "" +"In most common cases, it is best to leave this option disabled. It generally " +"only provides a performance increase on very complex nestings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036 +msgid "" +"If this option is enabled, SSSD will use it if it detects that the server " +"supports it during initial connection. So \"True\" here essentially means " +"\"auto-detect\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042 +msgid "" +"Note: This feature is currently known to work only with Active Directory " +"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" +"windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " +"for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048 sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866 include/ldap_id_mapping.xml:244 +msgid "Default: False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1027 +msgid "ldap_initgroups_use_matching_rule_in_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1030 +msgid "" +"This option tells SSSD to take advantage of an Active Directory-specific " +"feature which might speed up initgroups operations (most notably when " +"dealing with complex or deep nested groups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1057 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1062 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1068 +msgid "ldap_netgroup_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1071 +msgid "The object class of a netgroup entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1074 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1078 +msgid "Default: nisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1084 +msgid "ldap_netgroup_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1087 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1101 +msgid "ldap_netgroup_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1104 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1108 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "Default: memberNisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1118 +msgid "ldap_netgroup_triple (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1121 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1128 +msgid "Default: nisNetgroupTriple" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1134 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1150 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1153 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1156 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1162 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1165 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1175 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1178 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1182 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1188 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1191 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1201 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1206 +msgid "ldap_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1209 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1215 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1227 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1230 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1243 +msgid "ldap_network_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1246 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1269 +msgid "ldap_opt_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1287 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1290 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1304 +msgid "ldap_page_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1307 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1312 +msgid "Default: 1000" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1318 +msgid "ldap_disable_paging (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1321 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1327 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1333 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1345 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1348 +msgid "Disable Active Directory range retrieval." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1351 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1366 +msgid "ldap_sasl_minssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1369 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1375 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1382 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1391 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1395 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1403 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1416 +msgid "ldap_tls_reqcert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1419 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1425 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1429 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1436 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1442 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1448 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1452 +msgid "Default: hard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1458 +msgid "ldap_tls_cacert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1461 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1473 +msgid "ldap_tls_cacertdir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1476 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1491 +msgid "ldap_tls_cert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1504 +msgid "ldap_tls_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "Specifies the file that contains the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1516 +msgid "ldap_tls_cipher_suite (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1519 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1532 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1535 +msgid "" +"Specifies that the id_provider connection must also use <systemitem class=" +"\"protocol\">tls</systemitem> to protect the channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1545 +msgid "ldap_id_mapping (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1548 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1564 +msgid "ldap_min_id, ldap_max_id (interger)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1567 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1579 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1585 +msgid "ldap_sasl_mech (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1588 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI is tested and " +"supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1598 +msgid "ldap_sasl_authid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1601 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI is used, this " +"represents the Kerberos principal used for authentication to the directory. " +"This option can either contain the full principal (for example host/" +"myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1609 +msgid "Default: host/hostname@REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1615 +msgid "ldap_sasl_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1624 +msgid "Default: the value of krb5_realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1630 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1633 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1638 +msgid "Default: false;" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1644 +msgid "ldap_krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "Specify the keytab to use when using SASL/GSSAPI." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1671 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1674 +msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:849 +msgid "Default: 86400 (24 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1719 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462 +msgid "krb5_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1768 +msgid "ldap_pwd_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1781 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1787 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1796 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1804 +msgid "ldap_referrals (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1807 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1811 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1816 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1830 +msgid "ldap_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1833 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 +msgid "Default: ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1843 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1846 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1851 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1857 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1872 +msgid "ldap_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1875 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Example:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1898 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1902 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice-versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972 +msgid "Default: Empty" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_account_expire_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1924 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1928 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1935 +msgid "The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1943 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1950 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1956 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1965 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1978 +msgid "ldap_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1981 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1985 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1988 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1998 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2005 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2022 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2026 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2036 +msgid "" +"The difference between these options is the action taken if user password is " +"expired: pwd_expire_policy_reject - user is denied to log in, " +"pwd_expire_policy_warn - user is still able to log in, " +"pwd_expire_policy_renew - user is prompted to change his password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2044 +msgid "" +"Note If user password is expired no explicit message is prompted by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2048 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2053 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2058 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2062 +msgid "Default: filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2065 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2072 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2075 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2083 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2086 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2092 +msgid "ldap_deref (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2095 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2100 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2104 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2109 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2114 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2119 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2127 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2130 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2134 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2145 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136 +msgid "wildcart_limit (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2160 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2164 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2168 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:51 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2178 +msgid "SUDO OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2180 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2191 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2194 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2197 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2203 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2206 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2216 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2219 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2223 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2229 +msgid "ldap_sudorule_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2232 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2237 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2243 +msgid "ldap_sudorule_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2246 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2250 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2256 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2259 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2263 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2269 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2272 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2276 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2282 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2285 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2289 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2295 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2298 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2302 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2308 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2311 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2316 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2322 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2325 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2329 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2335 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2338 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2343 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2348 +msgid "Default: 21600 (6 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2354 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2357 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest USN " +"of cached rules)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2363 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2373 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2376 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2387 +msgid "ldap_sudo_hostnames (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2390 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2395 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441 +#: sssd-ldap.5.xml:2459 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428 +msgid "Default: not specified" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2411 +msgid "ldap_sudo_ip (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2414 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2419 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2434 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2437 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2452 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2455 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2471 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2481 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2483 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2489 +msgid "ldap_autofs_map_master_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2492 +msgid "The name of the automount master map in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2495 +msgid "Default: auto.master" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2502 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2505 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2508 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2515 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2518 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2521 +msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2529 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2532 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2537 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: automount" +msgstr "默认: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2544 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2551 +msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2559 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2566 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2487 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2576 +msgid "ADVANCED OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2583 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2588 +msgid "ldap_user_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2593 +msgid "ldap_group_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:2598 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:2600 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no gid mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:2607 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2609 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2614 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2578 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2631 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2637 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:725 sssd-ad.5.xml:963 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 +#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2648 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2650 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:2655 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-simple.5.xml:148 sssd-ad.5.xml:978 sssd.8.xml:195 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:2672 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" + +#. type: Content of: <refentryinfo> +#: pam_sss.8.xml:8 include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - http://" +"fedorahosted.org/sssd</orgname>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:13 pam_sss.8.xml:18 +msgid "pam_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:19 +msgid "PAM module for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:24 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:54 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:64 +msgid "<option>quiet</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:67 +msgid "Suppress log messages for unknown users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:72 +msgid "<option>forward_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:75 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>use_first_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:93 +msgid "<option>use_authtok</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:96 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>retry=N</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:108 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:117 +msgid "<option>ignore_unknown_user</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:120 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:131 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:138 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:142 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:148 +msgid "" +"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> " +"and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:164 +msgid "MODULE TYPES PROVIDED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:165 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:171 +msgid "FILES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:172 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:177 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:187 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " +"libraries what Realm and which KDC to use. Typically this is done in " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> which is always read by the Kerberos libraries. " +"To simplify the configuration the Realm and the KDC can be defined in " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> as described in <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:48 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> puts the Realm and the name or IP address of the KDC into " +"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " +"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " +"libraries it reads and evaluates these variables and returns them to the " +"libraries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:69 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:78 +msgid "ipa_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:81 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:89 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:92 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:105 +msgid "ipa_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:108 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:116 sssd-ad.5.xml:780 +msgid "dyndns_update (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:119 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA v2 with the IP address of this client. The update is " +"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " +"for the updates, if it is not otherwise specified by using the " +"<quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:128 sssd-ad.5.xml:794 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:133 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:145 sssd-ad.5.xml:805 +msgid "dyndns_ttl (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:148 sssd-ad.5.xml:808 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:153 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Default: 1200 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:165 sssd-ad.5.xml:819 +msgid "dyndns_iface (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 sssd-ad.5.xml:822 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:175 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:185 sssd-ad.5.xml:833 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:191 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160 +msgid "Enables DNS sites - location based service discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example.com" +"\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:217 sssd-ad.5.xml:839 +msgid "dyndns_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:220 sssd-ad.5.xml:842 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:233 sssd-ad.5.xml:855 +msgid "dyndns_update_ptr (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:236 sssd-ad.5.xml:858 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:247 +msgid "Default: False (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:253 sssd-ad.5.xml:869 +msgid "dyndns_force_tcp (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:256 sssd-ad.5.xml:872 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:876 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 sssd-ad.5.xml:882 +msgid "dyndns_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 sssd-ad.5.xml:885 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 sssd-ad.5.xml:890 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:895 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 sssd-ad.5.xml:900 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:290 +msgid "ipa_hbac_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:293 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:297 +msgid "Default: Use base DN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 sssd-ipa.5.xml:329 sssd-ipa.5.xml:348 sssd-ipa.5.xml:367 +#: sssd-ipa.5.xml:386 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ipa.5.xml:315 sssd-ipa.5.xml:334 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:322 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:325 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:341 +msgid "ipa_subdomains_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:344 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:353 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:360 +msgid "ipa_master_domain_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:363 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:372 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:379 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:382 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:391 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:398 sssd-krb5.5.xml:254 +msgid "krb5_validate (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:401 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:408 sssd-ad.5.xml:921 +msgid "" +"Note that this default differs from the traditional Kerberos provider back " +"end." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:433 +msgid "" +"Specifies if the host and user principal should be canonicalized when " +"connecting to IPA LDAP and also for AS requests. This feature is available " +"with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 sssd-krb5.5.xml:416 +msgid "krb5_use_fast (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 sssd-krb5.5.xml:419 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:454 +msgid "<emphasis>never</emphasis> use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:457 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it. This is equivalent to not setting " +"this option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:463 sssd-krb5.5.xml:433 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:468 +msgid "Default: try" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 sssd-krb5.5.xml:444 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:480 sssd-ad.5.xml:928 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 sssd-ad.5.xml:931 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:487 sssd-ad.5.xml:935 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 sssd-ad.5.xml:939 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:498 +msgid "ipa_hbac_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:501 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355 +msgid "Default: 5 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:514 +msgid "ipa_hbac_selinux (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:517 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:530 +msgid "ipa_server_mode (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:533 +msgid "This option should only be set by the IPA installer." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:537 +msgid "" +"The option denotes that the SSSD is running on IPA server and should perform " +"lookups of users and groups from trusted domains differently." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:548 +msgid "ipa_automount_location (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:551 +msgid "The automounter location this IPA client will be using" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:554 +msgid "Default: The location named \"default\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:562 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:571 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:577 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:583 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:586 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:596 +msgid "ipa_overide_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:599 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:602 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:608 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:611 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:615 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:621 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:624 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:632 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:635 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:638 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:641 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:647 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:650 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:655 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:661 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:664 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:669 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:672 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:675 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:680 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:564 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:690 +msgid "SUBDOMAINS PROVIDER" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:692 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:696 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:702 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:719 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:726 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:41 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:45 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:51 +msgid "" +"The AD provider accepts the same options used by the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" +"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:63 +msgid "" +"However, it is neither necessary nor recommended to set these options. The " +"AD provider can also be used as an access, chpass, sudo and autofs provider. " +"No configuration of the access provider is required on the client side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:75 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " +"and groups using POSIX attributes from trusted domains, the AD administrator " +"must make sure that the POSIX attributes are replicated to the Global " +"Catalog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:82 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:97 +msgid "ad_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:100 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:105 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:110 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:117 +msgid "ad_server, ad_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:120 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:127 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:132 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:140 +msgid "ad_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:143 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the Active Directory domain to identify this " +"host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:149 +msgid "" +"This field is used to determine the host principal in use in the keytab. It " +"must match the hostname for which the keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:157 +msgid "ad_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:164 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:180 +msgid "ad_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:191 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:199 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:207 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:212 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:223 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:233 sssd-ad.5.xml:247 +msgid "Default: Not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:239 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:253 +msgid "ad_enable_gc (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:256 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:264 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:278 +msgid "ad_gpo_access_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:281 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to a particular host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:296 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:309 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:313 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:319 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:325 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "Default: permissive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:339 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:345 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:348 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:361 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:364 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:370 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:384 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:388 sssd-ad.5.xml:479 sssd-ad.5.xml:525 sssd-ad.5.xml:570 +#: sssd-ad.5.xml:636 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:392 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:397 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:402 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:407 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:412 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:417 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:422 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:427 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:432 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:437 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:442 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:451 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:460 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:475 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:466 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:483 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:488 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:497 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:500 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:506 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:521 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:512 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:529 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:534 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:543 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:546 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:552 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:566 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:557 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:574 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:583 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:586 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:605 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:597 sssd-ad.5.xml:667 +msgid "" +"It is possible to add a PAM service name to the default set by using <quote>" +"+service_name</quote>. Since the default set is empty, it is not possible " +"to remove a PAM service name from the default set. For example, in order to " +"add a custom pam service name (e.g. <quote>my_pam_service</quote>), you " +"would use the following configuration: <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:615 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:618 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:632 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:623 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:640 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:645 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:650 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:659 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:662 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:675 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:685 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:688 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:701 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:705 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:710 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:715 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:720 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:725 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:730 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:735 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:741 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:747 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:750 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:756 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: 30 days" +msgstr "默认: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:762 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:765 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expect 2 integers seperated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the inital timeout in seconds before the task is run for the first " +"time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:783 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:813 +msgid "Default: 3600 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:829 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:863 sss_rpcidmapd.5.xml:76 +msgid "Default: True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:909 sssd-krb5.5.xml:505 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:912 sssd-krb5.5.xml:508 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:957 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:964 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:984 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:980 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:990 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:998 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:112 +msgid "" +"When the SSSD is configured to use IPA as the ID provider, the sudo provider " +"is automatically enabled. The sudo search base is configured to use the " +"compat tree (ou=sudoers,$DC)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:119 +msgid "The SUDO rule caching mechanism" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:121 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:129 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:135 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:143 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:159 +msgid "keyword ALL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:164 +msgid "wildcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:169 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:174 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:179 +msgid "one of the IP addresses of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:184 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:190 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>-f</option>,<option>--debug-to-files</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "" +"Send the debug output to files instead of stderr. By default, the log files " +"are stored in <filename>/var/log/sssd</filename> and there are separate log " +"files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:97 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:101 +msgid "Become a daemon after starting up." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:107 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:111 +msgid "Run in the foreground, don't become a daemon." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:117 sss_debuglevel.8.xml:42 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:121 sss_debuglevel.8.xml:46 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:147 +msgid "Signals" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "SIGTERM/SIGINT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:153 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:159 +msgid "SIGHUP" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:162 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:170 +msgid "SIGUSR1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:173 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:182 +msgid "SIGUSR2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:185 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:197 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:50 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:52 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:59 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:70 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:78 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:83 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:92 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:97 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:105 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:110 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:116 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:121 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:126 +msgid "original_name:name:uid:gid:gecos:home:shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:138 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:141 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:147 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:152 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:160 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:167 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:175 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:180 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:189 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:194 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:202 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:207 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:213 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:218 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:223 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:235 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:238 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:244 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:249 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:259 +#, fuzzy +#| msgid "OPTIONS" +msgid "COMMON OPTIONS" +msgstr "选项" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:261 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:266 +#, fuzzy +#| msgid "" +#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +#| "replaceable>" +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" +"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +"replaceable>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_useradd.8.xml:10 sss_useradd.8.xml:15 +msgid "sss_useradd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_useradd.8.xml:16 +msgid "create a new user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_useradd.8.xml:21 +msgid "" +"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_useradd.8.xml:32 +msgid "" +"<command>sss_useradd</command> creates a new user account using the values " +"specified on the command line plus the default values from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:43 sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:48 +msgid "" +"Set the UID of the user to the value of <replaceable>UID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:72 +msgid "" +"The home directory of the user account. The default is to append the " +"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " +"that as the home directory. The base that is prepended before " +"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" +"baseDirectory</quote> setting in sssd.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:87 +msgid "" +"The user's login shell. The default is currently <filename>/bin/bash</" +"filename>. The default can be changed with <quote>user_defaults/" +"defaultShell</quote> setting in sssd.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:96 +msgid "" +"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:101 +msgid "A list of existing groups this user is also a member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:107 +msgid "<option>-m</option>,<option>--create-home</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:111 +msgid "" +"Create the user's home directory if it does not exist. The files and " +"directories contained in the skeleton directory (which can be defined with " +"the -k option or in the config file) will be copied to the home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:121 +msgid "<option>-M</option>,<option>--no-create-home</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:125 +msgid "" +"Do not create the user's home directory. Overrides configuration settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:132 +msgid "" +"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:137 +msgid "" +"The skeleton directory, which contains files and directories to be copied in " +"the user's home directory, when the home directory is created by " +"<command>sss_useradd</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:143 +msgid "" +"Special files (block devices, character devices, named pipes and unix " +"sockets) will not be copied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:147 +msgid "" +"This option is only valid if the <option>-m</option> (or <option>--create-" +"home</option>) option is specified, or creation of home directories is set " +"to TRUE in the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_useradd.8.xml:156 sss_usermod.8.xml:124 +msgid "" +"<option>-Z</option>,<option>--selinux-user</option> " +"<replaceable>SELINUX_USER</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_useradd.8.xml:161 +msgid "" +"The SELinux user for the user's login. If not specified, the system default " +"will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>.k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 +msgid "%h" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108 +msgid "home directory" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:27 +msgid "%P" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:45 +msgid "%%" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:46 +msgid "a literal '%'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_auth_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:257 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:272 +msgid "krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:275 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:279 +msgid "Default: /etc/krb5.keytab" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:285 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:288 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:293 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:306 +msgid "krb5_renewable_lifetime (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:309 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:351 sssd-krb5.5.xml:388 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:320 sssd-krb5.5.xml:354 sssd-krb5.5.xml:391 +msgid "<emphasis>h</emphasis> for hours" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:323 sssd-krb5.5.xml:357 sssd-krb5.5.xml:394 +msgid "<emphasis>d</emphasis> for days." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:326 sssd-krb5.5.xml:397 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:330 sssd-krb5.5.xml:401 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:335 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:341 +msgid "krb5_lifetime (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:344 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:360 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:364 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:369 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:376 +msgid "krb5_renew_interval (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:379 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:406 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:424 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:428 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:438 +msgid "Default: not set, i.e. FAST is not used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "NOTE: a keytab is required to use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:453 +msgid "krb5_fast_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:456 +msgid "Specifies the server principal to use for FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:465 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:514 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:520 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:523 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:535 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:540 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:566 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:574 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 +msgid "sss_groupadd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupadd.8.xml:16 +msgid "create a new group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupadd.8.xml:21 +msgid "" +"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupadd.8.xml:32 +msgid "" +"<command>sss_groupadd</command> creates a new group. These groups are " +"compatible with POSIX groups, with the additional feature that they can " +"contain other groups as members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupadd.8.xml:43 sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupadd.8.xml:48 +msgid "" +"Set the GID of the group to the value of <replaceable>GID</replaceable>. If " +"not given, it is chosen automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_userdel.8.xml:10 sss_userdel.8.xml:15 +msgid "sss_userdel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_userdel.8.xml:16 +msgid "delete a user account" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_userdel.8.xml:21 +msgid "" +"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_userdel.8.xml:32 +msgid "" +"<command>sss_userdel</command> deletes a user identified by login name " +"<replaceable>LOGIN</replaceable> from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:44 +msgid "<option>-r</option>,<option>--remove</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:48 +msgid "" +"Files in the user's home directory will be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:56 +msgid "<option>-R</option>,<option>--no-remove</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:60 +msgid "" +"Files in the user's home directory will NOT be removed along with the home " +"directory itself and the user's mail spool. Overrides the configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:68 +msgid "<option>-f</option>,<option>--force</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:72 +msgid "" +"This option forces <command>sss_userdel</command> to remove the user's home " +"directory and mail spool, even if they are not owned by the specified user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_userdel.8.xml:80 +msgid "<option>-k</option>,<option>--kick</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_userdel.8.xml:84 +msgid "Before actually deleting the user, terminate all his processes." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 +msgid "sss_groupdel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupdel.8.xml:16 +msgid "delete a group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupdel.8.xml:21 +msgid "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupdel.8.xml:32 +msgid "" +"<command>sss_groupdel</command> deletes a group identified by its name " +"<replaceable>GROUP</replaceable> from the system." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 +msgid "sss_groupshow" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_groupshow.8.xml:16 +msgid "print properties of a group" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_groupshow.8.xml:21 +msgid "" +"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_groupshow.8.xml:32 +msgid "" +"<command>sss_groupshow</command> displays information about a group " +"identified by its name <replaceable>GROUP</replaceable>. The information " +"includes the group ID number, members of the group and the parent group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_groupshow.8.xml:43 +msgid "<option>-R</option>,<option>--recursive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_groupshow.8.xml:47 +msgid "" +"Also print indirect group members in a tree-like hierarchy. Note that this " +"also affects printing parent groups - without <option>R</option>, only the " +"direct parent will be printed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_usermod.8.xml:10 sss_usermod.8.xml:15 +msgid "sss_usermod" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_usermod.8.xml:16 +msgid "modify a user account" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_usermod.8.xml:21 +msgid "" +"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_usermod.8.xml:32 +msgid "" +"<command>sss_usermod</command> modifies the account specified by " +"<replaceable>LOGIN</replaceable> to reflect the changes that are specified " +"on the command line." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:60 +msgid "The home directory of the user account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:71 +msgid "The user's login shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:82 +msgid "" +"Append this user to groups specified by the <replaceable>GROUPS</" +"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " +"a comma separated list of group names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:96 +msgid "" +"Remove this user from groups specified by the <replaceable>GROUPS</" +"replaceable> parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:103 +msgid "<option>-l</option>,<option>--lock</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:107 +msgid "Lock the user account. The user won't be able to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:114 +msgid "<option>-u</option>,<option>--unlock</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:118 +msgid "Unlock the user account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:129 +msgid "The SELinux user for the user's login." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:135 +msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:140 +msgid "Add an attribute/value pair. The format is attrname=value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:147 +msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:152 +msgid "" +"Set an attribute to a name/value pair. The format is attrname=value. For " +"multi-valued attributes, the command replaces the values already present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_usermod.8.xml:160 +msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_usermod.8.xml:165 +msgid "Delete an attribute/value pair. The format is attrname=value." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:42 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:46 +msgid "Invalidate all cached entries except for sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:52 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:57 +msgid "Invalidate specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:63 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:67 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:74 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:79 +msgid "Invalidate specific group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:85 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:89 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:96 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:101 +msgid "Invalidate specific netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:107 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:111 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:118 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:123 +msgid "Invalidate specific service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:129 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:133 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:140 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:145 +msgid "Invalidate specific autofs maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:151 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:155 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:162 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:167 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:173 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:177 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:185 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:190 +msgid "Restrict invalidation process only to a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> changes debug level of SSSD monitor and " +"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " +"running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_debuglevel.8.xml:59 +msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:46 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:53 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:59 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:63 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:77 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:91 +msgid "name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:92 +msgid "user's login name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:95 +msgid "uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:96 +msgid "user ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:99 +msgid "gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:100 +msgid "primary group ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:103 +msgid "gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:104 +msgid "user information, typically full name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:81 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:125 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:117 +msgid "" +"It is possible to add another attribute to this set by using <quote>" +"+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:129 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:139 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:144 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "另见" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" +"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:58 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:51 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:70 +#, no-wrap +msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:63 +msgid "" +"If <quote>PubkeyAgent</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by using the following directive " +"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" +"\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:85 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92 +msgid "EXIT STATUS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and estabilishes connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 10,001 and going up to " +"2,000,100,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:127 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191 +msgid "Default: 200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:142 +msgid "ldap_idmap_range_max (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:145 +msgid "" +"Specifies the upper bound of the range of POSIX IDs to use for mapping " +"Active Directory user and group SIDs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:149 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:159 +msgid "Default: 2000200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:164 +msgid "ldap_idmap_range_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:167 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:186 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:196 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:199 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:210 +msgid "ldap_idmap_default_domain (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:213 +msgid "Specify the name of the default domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:221 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:224 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:229 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monatomically with each additional domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:234 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:249 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:252 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:256 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:273 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:275 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:284 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:285 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:286 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:287 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:288 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:289 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:291 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:295 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT " +"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain " +"names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 +msgid "Currently supported debug levels:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill the SSSD, but one that indicates that at least one " +"major feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:85 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:89 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:94 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:98 +msgid "<emphasis>Default</emphasis>: 0" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/experimental.xml:1 +msgid "" +"<emphasis> This is an experimental feature, please use http://fedorahosted." +"org/sssd to report any issues. </emphasis>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " +"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:31 +msgid "%o" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:33 +msgid "The original home directory retrieved from the identity provider." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:38 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:40 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:52 +msgid "This option can also be set per-domain." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:57 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:61 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "" --- sssd-1.13.4.orig/src/tests/intg/.config/screenrc +++ sssd-1.13.4/src/tests/intg/.config/screenrc @@ -0,0 +1,23 @@ +autodetach on +defscrollback 1024 +startup_message off +nethack on +vbell off +vbell_msg " -- Bell,Bell!! -- " +multiuser off +msgminwait 0 +msgwait 10 + +defutf8 on +defencoding utf8 + +hardstatus string '%{gk}[ %{G}%H %{g}][%= %{wk}%?%-Lw%?%{=b kR}(%{W}%n*%f %t%?(%u)%?%{=b kR})%{= kw}%?%+Lw%?%?%= %{g}]%{=b C}[ %d/%m %c ]%{W}' +hardstatus alwayslastline + +setenv LD_LIBRARY_PATH "$_LD_LIBRARY_PATH" +setenv LD_PRELOAD "$_LD_PRELOAD" + +screen -t / 0 sh -c 'cd $ROOT_DIR; exec "${SHELL:-sh}"' +screen -t /etc 1 sh -c 'cd $ROOT_DIR/etc; exec "${SHELL:-sh}"' +screen -t sssd_cache 3 sh -c 'cd $ROOT_DIR/var/lib/sss/db; exec "${SHELL:-sh}"' +screen -t sssd_log 2 sh -c 'cd $ROOT_DIR/var/log/sssd; exec "${SHELL:-sh}"' --- sssd-1.13.4.orig/zanata.xml +++ sssd-1.13.4/zanata.xml @@ -0,0 +1,106 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<config xmlns="http://zanata.org/namespace/config/"> + <url>https://fedora.zanata.org/</url> + <project>sssd</project> + <project-version>master</project-version> + <project-type>gettext</project-type> + <src-dir>.</src-dir> + <trans-dir>.</trans-dir> + <includes>po/*.pot,src/man/po/*.pot</includes> + <locales> + <locale>af</locale> + <locale>sq</locale> + <locale>am</locale> + <locale>ar</locale> + <locale>as</locale> + <locale>ast</locale> + <locale>bal</locale> + <locale>eu</locale> + <locale>be</locale> + <locale>bn</locale> + <locale>bn-IN</locale> + <locale>brx</locale> + <locale>bs</locale> + <locale>br</locale> + <locale>bg</locale> + <locale>ca</locale> + <locale>zh-CN</locale> + <locale>zh-HK</locale> + <locale>zh-TW</locale> + <locale>kw</locale> + <locale>kw@kkcor</locale> + <locale>kw@uccor</locale> + <locale>kw-GB</locale> + <locale>hr</locale> + <locale>cs</locale> + <locale>da</locale> + <locale>nl</locale> + <locale>en-GB</locale> + <locale>eo</locale> + <locale>et</locale> + <locale>fi</locale> + <locale>fr</locale> + <locale>gl</locale> + <locale>ka</locale> + <locale>de</locale> + <locale>de-CH</locale> + <locale>el</locale> + <locale>gu</locale> + <locale>he</locale> + <locale>hi</locale> + <locale>hu</locale> + <locale>is</locale> + <locale>ilo</locale> + <locale>id</locale> + <locale>ia</locale> + <locale>it</locale> + <locale>ja</locale> + <locale>kn</locale> + <locale>kk</locale> + <locale>km</locale> + <locale>ky</locale> + <locale>ko</locale> + <locale>lv</locale> + <locale>lt</locale> + <locale>nds</locale> + <locale>mk</locale> + <locale>mai</locale> + <locale>ms</locale> + <locale>ml</locale> + <locale>mr</locale> + <locale>mn</locale> + <locale>ne</locale> + <locale>nso</locale> + <locale>nb</locale> + <locale>nn</locale> + <locale>or</locale> + <locale>fa</locale> + <locale>pl</locale> + <locale>pt</locale> + <locale>pt-BR</locale> + <locale>pa</locale> + <locale>ro</locale> + <locale>ru</locale> + <locale>sr</locale> + <locale>sr@latin</locale> + <locale>si</locale> + <locale>sk</locale> + <locale>sl</locale> + <locale>es</locale> + <locale>sv</locale> + <locale>tg</locale> + <locale>ta</locale> + <locale>te</locale> + <locale>th</locale> + <locale>bo</locale> + <locale>tr</locale> + <locale>tw</locale> + <locale>uk</locale> + <locale>ur</locale> + <locale>vi</locale> + <locale>cy</locale> + <locale>zu</locale> + <locale>wba</locale> + </locales> + <rules/> +</config>